Jump to content

Search the Community

Showing results for tags 'click.livesearch'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 2 results

  1. I have removed this infection twice I think with combofix, but I must be wrong because it keeps reappearing. It does nothing to my desktop, and Spybot notifies me each time I start the computer up that it's trying to delete my CMD, taskMGR, drivers, and a few other components. I simply click deny and remember that decision. It is a redirect infection. I have conquered it and been without redirection for the rest of the day, but every time I restart the computer it seems to reinfect my machine. I have scanned multiple times with TDSSkiller, Malewarebytes, and Rougekiller, as well as Combofix only to come up empty handed. There is some pretty important data (pictures etc..) and I don't want to factory reset or have the computer enter a state of nonoperational meltdown during my attempted fixings so I am asking for help. ---------------------------------------------------------------Here is my Hijackthis log and hope someone will be available on the forums to assist me. Thank you.--------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:14:06 AM, on 1/12/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\computer\AppData\Local\Akamai\netsession_win.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file) O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10201 bytes</local> I will be back around 11 to continue this forum* Thank you for the help and patience.
  2. I am having problem removing this click.livesearch malware, whatever you call it. I tried several methods to remove this mentioned in various forums but to no avail. When I google, it keeps redirecting me to other sites via click.livesearch. This problem only effect me when I am using Google on Chrome and Firefox. I've tired on IE and there was not problem. I did not get a chance to try on Bing or Yahoo, but judging from other posts, I would have similar problem. Several time, I thought I had it fix, but only after a few more Google searches, the problem returns. The attached are the latest logs of several software I've tried using. DDS, Malwarebytes, RogueKiller, and TDSSkiller. I know ComboFix might be a solution, but I've read several warnings about using it so I am putting that off until I can get some more experts opinion. I run a 64bit Window 7 operating system with Norton Internet Security as my primary protection. Thank you for reading and helping. I awaits your rescue. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_29 Run by Gary at 22:30:49 on 2012-12-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2143 [GMT -5:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.msn.com uDefault_Page_URL = hxxp://www.msn.com mStart Page = hxxp://www.msn.com mDefault_Page_URL = hxxp://www.msn.com mWinlogon: Userinit = userinit.exe, BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] <no file> mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{DF8D4ACB-1FC1-40D6-853F-E81F66806F1B} : DHCPNameServer = 192.168.2.1 SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://www.msn.com x64-mDefault_Page_URL = hxxp://www.msn.com x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab x64-SSODL: WebCheck - <orphaned> Hosts: 0.0.0.0 localhost . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - ExtSQL: 2012-12-01 01:01; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF - ExtSQL: 2012-12-08 20:35; crossriderapp4493@crossrider.com; C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-27 55280] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-12-1 451192] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-12-1 1129120] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-30 1384608] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-12-1 167072] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121205.001\IDSviA64.sys [2012-12-6 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-12-1 190072] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-12-1 405624] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-5 235520] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-12-1 138272] R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-5-3 5716848] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-14 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-1 138912] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-4-14 1327520] R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-5-3 13312] S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-6 1432400] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-29 1255736] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] . =============== File Associations =============== . FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-12-09 02:53:36 208216 ----a-w- C:\Windows\System32\drivers\02956053.sys 2012-12-09 01:35:22 -------- d-----w- C:\Users\Gary\AppData\Local\Coupon Companion 2012-12-09 01:35:21 -------- d-----w- C:\Program Files (x86)\Coupon Companion 2012-12-09 01:27:12 -------- d-----w- C:\Users\Gary\AppData\Local\NPE 2012-12-08 04:06:06 -------- d-----w- C:\Windows\pss 2012-12-05 05:47:43 -------- d-----w- C:\TDSSKiller_Quarantine 2012-12-05 05:19:52 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes 2012-12-05 05:19:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-05 05:19:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-05 05:19:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-04 02:31:20 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FB70.tmp 2012-12-04 02:31:20 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FB5F.tmp 2012-12-03 05:24:04 -------- d-----w- C:\Users\Gary\AppData\Local\SCE 2012-12-03 05:24:04 -------- d-----w- C:\Crash 2012-12-03 05:24:02 -------- d-----w- C:\Users\Gary\AppData\Local\Sony Online Entertainment 2012-12-01 05:58:44 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys 2012-12-01 05:58:44 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys 2012-12-01 05:58:44 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys 2012-12-01 05:58:44 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys 2012-12-01 05:58:44 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys 2012-12-01 05:58:44 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys 2012-12-01 05:58:44 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys 2012-12-01 05:58:41 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009 2012-12-01 05:55:42 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-12-01 05:55:42 -------- d-----w- C:\Program Files\Symantec 2012-12-01 05:55:42 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2012-12-01 05:54:07 -------- d-----w- C:\Windows\System32\drivers\NISx64 2012-12-01 05:53:57 -------- d-----w- C:\Program Files (x86)\Norton Internet Security 2012-11-16 01:53:10 -------- d-----w- C:\Users\Gary\AppData\Local\Google 2012-11-16 01:52:50 -------- d-----w- C:\Users\Gary\AppData\Local\Apps 2012-11-16 01:52:49 -------- d-----w- C:\Users\Gary\AppData\Local\Deployment 2012-11-14 20:32:28 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-14 20:32:27 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-14 20:32:27 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-14 20:32:27 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-14 20:06:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-14 20:06:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-14 20:06:22 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-14 20:06:22 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-14 20:06:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-14 20:06:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-14 20:06:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-13 02:15:19 -------- d-----w- C:\Program Files (x86)\Atari 2012-11-13 02:11:50 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-11-13 02:11:50 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-11-13 02:11:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-11-13 02:11:50 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-11-13 02:11:50 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-11-13 02:11:49 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-11-13 02:11:49 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-11-10 01:47:14 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-11-10 01:46:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-10 01:46:30 -------- d-----w- C:\Program Files\iTunes 2012-11-10 01:46:30 -------- d-----w- C:\Program Files\iPod 2012-11-10 01:46:30 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-09 03:03:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 03:03:52 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ============= FINISH: 22:31:50.89 =============== dds-attach.txt mbam-log-2012-12-08 (23-00-42).txt Rkill.txt RKreport10_S_12082012_02d2304.txt TDSSkiller-report-12-9-2012.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.