Showing results for tags 'pum.userwload'.

Found 25 results

  1. Hello, it is my very first time posting in a forum concerning virus and trojan infection, so I have no idea how this works. A Malwarebytes scan shows me these two viruses, PUM.UserWLoad and Trojan.Ransom, and they still appear in the scan after reboot. How can I get rid of them? Thank you
  2. Hi, I can't remove PUM.UserWLoad; it reappears after the scan. This is the log file:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.09.07.05
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     DStrikT :: DSTRIKTEN [administrator]
     Protection: Enabled
     08.09.2013 21:13:36
     mbam-log-2013-09-08 (21-13-36).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 217655
     Time elapsed: 14 minute(s), 44 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\DStrikT\LOCALS~1\Temp\ccarcuyzq.pif -> No action taken.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  3. Hi! The PC that I'm writing from is connected to two flash drives right now. These are not mine, and they were all individually infected before I connected them all together. Malwarebytes Anti-Malware detected around 8 infected objects on the PC and flash drive 1 put together, and detected around 108 infected objects in flash drive 2. The other threats seem to have been correctly removed, but two are persistent, which are - PUM.UserWLoad and Trojan.Ransom. Here are my details:
  4. I have two different irremovable infections on my PC. The first is a PUM.UserWLoad with the category as Registry Value. It is located at HKCU\SOFTWARE\Microsoft\Windows NT\Current Version\Windows|Load. The value of the infection is Windows|Load. The other infection is Trojan.Ransom. It is in the same category, location, and value of the first infection. Below is the log I get when I try to remove the two. They come back after I restart my computer every single time.

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.21.07
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16660
     Juhmer :: JUHMER-HP [administrator]
     Protection: Enabled
     8/21/2013 7:27:39 PM
     mbam-log-2013-08-21 (19-27-39).txt
     Scan type: Flash scan
     Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled: Registry | File System
     Objects scanned: 199439
     Time elapsed: 32 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Juhmer\LOCALS~1\Temp\msarskiu.scr -> Delete on reboot.
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Juhmer\LOCALS~1\Temp\msarskiu.scr -> Delete on reboot.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  5. I need some help. I have done a quick scan and Malwarebytes detects 2 infected files: PUM.UserWLoad and Trojan.Ransom

     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data:C:\Users\Joseph\LOCALS~1\Temp\mshxufb.bat -> Delete on reboot.
     HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Joseph\LOCALS~1\Temp\mshxufb.bat -> Delete on reboot.

     I removed these infected files and Malwarebytes tells me that an urgent restart on my system should be done to remove all active threats properly, but after doing this, the said infected files still appear when I do another quick scan; it seems that they were not deleted. What should I do about this?
  6. DDS.txt
Explorer\Plugins\npqtplugin4.dll2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll2013-08-06 06:23:13 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll2013-08-06 06:22:00 -------- d-----w- C:\Users\Cyn\AppData\Local\Apple2013-08-06 06:20:21 -------- d-----w- C:\Users\Cyn\AppData\Local\TechSmith2013-08-06 05:55:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\TechSmith2013-08-06 05:45:29 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith2013-08-06 05:45:17 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared2013-08-05 07:37:48 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Malwarebytes2013-08-05 07:37:08 -------- d-----w- C:\ProgramData\Malwarebytes2013-08-03 13:54:57 -------- d-----w- C:\Downloads2013-08-03 13:54:00 -------- d-----w- C:\Program Files (x86)\Free Download Manager2013-08-03 08:10:52 -------- d-----w- C:\Users\Cyn\AppData\Local\Cyberlink2013-08-02 16:40:46 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-31 16:44:11 -------- d--h--w- C:\Windows\msdownld.tmp2013-07-31 16:44:05 -------- d-----w- C:\Windows\SysWow64\directx2013-07-31 16:43:31 -------- d-----w- C:\Games2013-07-31 15:51:11 -------- d-----w- C:\Users\Cyn\AppData\Local\PMB Files2013-07-31 15:51:10 -------- d-----w- C:\ProgramData\PMB Files2013-07-31 15:50:39 -------- d-----w- C:\Program Files (x86)\Pando Networks2013-07-31 15:50:29 -------- d-----w- C:\Users\Cyn\.swt2013-07-31 15:43:36 79256 ----a-w- C:\Windows\SysWow64\npOGPPlugin.dll2013-07-31 15:43:35 271768 ----a-w- C:\Windows\SysWow64\OGPIEPlugin.ocx2013-07-31 15:43:33 -------- d-----w- C:\Program Files (x86)\OGPlanet2013-07-30 13:00:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\SYSTEMAX Software Development2013-07-30 13:00:15 -------- d-----w- C:\ProgramData\SYSTEMAX Software Development2013-07-29 09:17:36 -------- d-----w- 
C:\Users\Cyn\AppData\Roaming\OBS2013-07-29 09:17:18 -------- d-----w- C:\Program Files (x86)\OBS2013-07-29 07:43:07 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Gyazo2013-07-29 07:42:33 -------- d-----w- C:\Program Files (x86)\Gyazo2013-07-27 16:24:59 47616 ----a-w- C:\Windows\SysWow64\PCPKsp.dll2013-07-27 16:14:59 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll2013-07-27 16:12:04 929792 ----a-w- C:\Windows\SysWow64\mfnetsrc.dll2013-07-27 16:12:04 568832 ----a-w- C:\Windows\SysWow64\mfnetcore.dll2013-07-27 16:12:04 1172992 ----a-w- C:\Windows\System32\mfnetsrc.dll2013-07-27 16:12:03 677888 ----a-w- C:\Windows\System32\mfnetcore.dll2013-07-27 16:12:03 673280 ----a-w- C:\Windows\System32\mfmpeg2srcsnk.dll2013-07-27 16:12:03 513024 ----a-w- C:\Windows\SysWow64\mfmpeg2srcsnk.dll2013-07-27 16:11:06 109568 ----a-w- C:\Windows\System32\dskquota.dll2013-07-27 16:11:04 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll2013-07-27 15:55:20 1184256 ----a-w- C:\Windows\System32\Display.dll2013-07-27 15:55:19 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL2013-07-27 15:55:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll2013-07-27 15:55:18 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL2013-07-27 15:55:15 641536 ----a-w- C:\Windows\System32\WSShared.dll2013-07-27 15:55:15 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll2013-07-27 15:55:15 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll2013-07-27 15:55:15 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll2013-07-27 15:55:15 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll2013-07-27 15:55:15 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-07-27 15:53:05 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll2013-07-27 14:22:59 144384 ----a-w- C:\Windows\System32\tssdisai.dll2013-07-27 14:08:55 -------- d-----w- C:\Users\Cyn\AppData\Local\gegl-0.22013-07-27 14:08:55 -------- d-----w- 
C:\Users\Cyn\.gimp-2.82013-07-27 14:06:15 -------- d-----w- C:\Program Files\GIMP 22013-07-27 12:32:03 -------- d-----w- C:\Windows\System32\MRT2013-07-27 08:02:02 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotRitsu2013-07-27 06:40:16 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotTsumugi2013-07-27 06:39:43 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotTable2013-07-27 06:39:30 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotYui2013-07-27 06:38:35 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotMio2013-07-27 06:37:40 -------- d-----w- C:\Users\Cyn\AppData\Roaming\MascotAzusa2013-07-26 10:34:33 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-07-26 10:30:01 -------- d-----w- C:\Windows\SysWow64\C2MP2013-07-26 08:43:27 -------- d-----w- C:\Program Files (x86)\Audacity2013-07-26 08:23:57 -------- d-----w- C:\Program Files\CCleaner2013-07-26 02:10:15 -------- d-----w- C:\Program Files (x86)\Chatango2013-07-26 02:10:13 1161728 ----a-w- C:\Windows\System32\sppobjs.dll2013-07-26 02:10:07 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll2013-07-26 02:10:06 1627648 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-07-26 02:10:03 5978624 ----a-w- C:\Windows\System32\mstscax.dll2013-07-26 02:10:03 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-07-26 02:10:01 4577792 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe2013-07-26 02:10:01 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-07-26 02:10:01 1101824 ----a-w- C:\Windows\System32\wmpmde.dll2013-07-26 02:06:30 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll2013-07-26 02:06:23 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll2013-07-26 02:02:43 3552768 ----a-w- C:\Windows\System32\tquery.dll2013-07-26 02:01:59 94208 ----a-w- C:\Windows\SysWow64\mssitlb.dll2013-07-26 02:01:59 65024 ----a-w- C:\Windows\System32\msscntrs.dll2013-07-26 02:01:59 35328 ----a-w- C:\Windows\SysWow64\mssprxy.dll2013-07-26 02:01:59 246272 ----a-w- 
C:\Windows\System32\mssphtb.dll2013-07-26 02:01:59 10752 ----a-w- C:\Windows\SysWow64\msshooks.dll2013-07-26 02:01:59 102400 ----a-w- C:\Windows\System32\mssitlb.dll2013-07-26 02:01:58 48640 ----a-w- C:\Windows\SysWow64\msscntrs.dll2013-07-26 02:01:57 267264 ----a-w- C:\Windows\System32\EncDump.dll2013-07-26 02:01:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-07-26 02:01:55 2048 ----a-w- C:\Windows\System32\tzres.dll2013-07-26 02:00:00 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll2013-07-26 01:59:59 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-07-26 01:59:59 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-07-26 01:59:58 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll2013-07-26 01:59:58 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-07-26 01:59:58 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-07-26 01:59:57 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll2013-07-26 01:55:59 98304 ----a-w- C:\Windows\System32\wudriver.dll2013-07-26 01:54:11 126976 ----a-w- C:\Windows\System32\RDWebAI.dll2013-07-26 01:54:10 135680 ----a-w- C:\Windows\System32\appserverai.dll2013-07-26 01:54:10 122880 ----a-w- C:\Windows\System32\VmHostAI.dll2013-07-26 01:54:06 148480 ----a-w- C:\Windows\System32\poqexec.exe2013-07-26 01:54:06 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe2013-07-26 01:53:52 1255936 ----a-w- C:\Windows\System32\certutil.exe2013-07-26 01:53:51 141312 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-26 01:53:51 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe2013-07-26 01:53:50 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-26 01:50:35 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys2013-07-26 01:50:35 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys2013-07-26 01:50:22 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll2013-07-26 01:50:21 1437184 
----a-w- C:\Windows\SysWow64\GdiPlus.dll2013-07-26 01:50:09 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys2013-07-26 01:50:07 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-07-26 01:42:42 70144 ----a-w- C:\Windows\System32\appinfo.dll2013-07-26 01:42:41 112872 ----a-w- C:\Windows\System32\consent.exe2013-07-26 01:37:00 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll2013-07-26 01:37:00 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll2013-07-26 01:36:34 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-26 01:36:34 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-26 01:32:01 733184 ----a-w- C:\Windows\System32\win32spl.dll2013-07-26 01:32:00 46080 ----a-w- C:\Windows\System32\atmlib.dll2013-07-26 01:32:00 362496 ----a-w- C:\Windows\System32\atmfd.dll2013-07-26 01:32:00 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll2013-07-26 01:32:00 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll2013-07-26 01:32:00 14336 ----a-w- C:\Windows\System32\dciman32.dll2013-07-26 01:31:59 96256 ----a-w- C:\Windows\System32\fontsub.dll2013-07-26 01:31:59 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll2013-07-26 01:31:59 3072 ----a-w- C:\Windows\SysWow64\lpk.dll2013-07-26 01:31:59 3072 ----a-w- C:\Windows\System32\lpk.dll2013-07-26 01:31:59 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll2013-07-26 01:31:48 861184 ----a-w- C:\Windows\System32\drivers\http.sys2013-07-25 14:20:52 -------- d-----w- C:\ProgramData\Atheros2013-07-25 14:20:39 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Atheros2013-07-25 12:15:29 136424 ----a-w- C:\Windows\System32\drivers\btath_rcp.sys2013-07-25 12:15:28 77464 ----a-w- C:\Windows\System32\drivers\btath_lwflt.sys2013-07-25 12:15:27 179432 ----a-w- C:\Windows\System32\drivers\btath_hcrp.sys2013-07-25 12:15:27 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll2013-07-25 12:15:25 89168 ----a-w- C:\Windows\System32\drivers\btath_flt.sys2013-07-25 12:15:24 346192 ----a-w- 
C:\Windows\System32\drivers\btath_a2dp.sys2013-07-25 12:15:24 115280 ----a-w- C:\Windows\System32\drivers\btath_avdt.sys2013-07-25 12:15:23 581200 ----a-w- C:\Windows\System32\drivers\btfilter.sys2013-07-25 12:15:22 34384 ----a-w- C:\Windows\System32\drivers\btath_bus.sys2013-07-25 12:14:29 -------- d-----w- C:\Program Files (x86)\Common Files\QCA_Bluetooth2013-07-24 01:28:36 -------- d-----w- C:\Download2013-07-24 01:27:38 -------- d-----w- C:\Nexon2013-07-24 01:12:39 -------- d-----w- C:\Program Files (x86)\Kill3rCombo2013-07-24 00:57:17 -------- d-----w- C:\ProgramData\Nexon2013-07-24 00:36:05 -------- d-----w- C:\Users\Cyn\AppData\Local\Shrew Soft VPN2013-07-24 00:36:05 -------- d-----w- C:\ProgramData\Shrew Soft VPN2013-07-24 00:36:04 -------- d-----w- C:\Program Files\ShrewSoft2013-07-21 20:39:15 -------- d-----w- C:\AeriaGames2013-07-21 20:00:42 -------- d-----w- C:\Users\Cyn\AppData\Local\Akamai2013-07-21 06:59:15 -------- d-----w- C:\Users\Cyn\AppData\Roaming\.tshock2013-07-21 00:34:40 -------- d-----w- C:\Users\Cyn\AppData\Roaming\WildTangent2013-07-20 21:26:18 447752 ----a-r- C:\Windows\SysWow64\vp6vfw.dll2013-07-20 21:26:13 -------- d-----w- C:\Program Files (x86)\Microsoft WSE2013-07-20 18:39:37 -------- d-----w- C:\Users\Cyn\AppData\Local\ElevatedDiagnostics2013-07-20 18:26:38 -------- d-----w- C:\Program Files (x86)\Microsoft XNA2013-07-20 17:04:53 -------- d-----w- C:\Users\Cyn\AppData\Roaming\.minecraft2013-07-20 17:04:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-20 17:04:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-20 16:54:23 -------- d-----w- C:\Users\Cyn\AppData\Roaming\Search Protection2013-07-20 16:53:35 -------- d-----w- C:\Users\Cyn\AppData\Roaming\uTorrent2013-07-20 16:32:32 -------- d-----w- C:\Users\Cyn\AppData\Local\Aeria Games2013-07-20 16:31:48 -------- d-----w- C:\ProgramData\Aeria Games2013-07-20 06:26:58 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll2013-07-20 06:26:58 2297552 ----a-w- 
C:\Windows\SysWow64\d3dx9_26.dll.==================== Find3M ====================.2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys2013-06-30 23:07:18 24064 ----a-w- C:\Windows\System32\drivers\vfilter.sys2013-06-30 23:07:18 17408 ----a-w- C:\Windows\System32\drivers\virtualnet.sys2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-06-01 
10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe2013-05-23 23:02:30 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll2013-05-23 22:27:05 
1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-05-23 22:25:22 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll.============= FINISH: 3:01:39.59 ===============Attatch.txt:DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 7/17/2013 7:04:01 PMSystem Uptime: 8/18/2013 2:41:12 AM (1 hours ago).Motherboard: Acer | | VA50_CMProcessor: AMD A8-4500M APU with Radeon HD Graphics | Socket FT1 | 1900/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 682 GiB total, 587.372 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Description: Bluetooth USB ModuleDevice ID: USB\VID_0489&PID_E04E\5&C374159&0&4Manufacturer: Qualcomm Atheros CommunicationsName: Bluetooth USB ModulePNP Device ID: USB\VID_0489&PID_E04E\5&C374159&0&4Service: BTHUSB.==== System Restore Points ===================.RP8: 8/13/2013 10:43:17 PM - Windows UpdateRP9: 8/16/2013 1:17:09 AM - Installed iTunes.==== Installed Programs ======================. 
clear.fi SDK- Movie 2 clear.fi SDK - Video 2???Acer Backup ManagerAcer Device Fast-laneAcer Instant Update ServiceAcer Power ManagementAcer Recovery ManagementAcerCloudAcerCloud DocsAdobe AIRAeria IgniteAgatha Christie - Death on the NileAkamai NetSession InterfaceAloha TriPeaksAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Install ManagerAMD Quick StreamAMD VISION Engine Control CenterApple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 2.0.3Backup Manager v4Bamboo DockBejeweled 3BonjourCamtasia Studio 8Castle CrashersCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerChatango Message CatcherCheat Engine 6.3clear.fi Mediaclear.fi PhotoClownfish for SkypeCradle Of Egypt Collector's EditionCreative Vado HD CodecCyberLink MediaEspresso 6.5Delicious: Emily's True Love Premium EditionDolby Home Theater v4Dora's World AdventureDritek Radio ControllereBay WorldwideEden EternalETDWare PS/2-X64 11.6.16.003_WHQLfoobar2000 v1.2.9Garry's ModGIMP 2.8.6Google ChromeGoogle Update HelperGyazo 1.2Identity CardiTunesJava 7 Update 25Java Auto UpdaterJewel Match 3La TaleLAME v3.99.3 (for Windows)Launch ManagerLive UpdaterMalwarebytes Anti-Malware version 1.75.0.1300McAfee Internet Security SuiteMicrosoft OfficeMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 
2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Visual Studio 2005 Tools for Office RuntimeMicrosoft WSE 3.0 RuntimeMicrosoft XNA Framework Redistributable 4.0Mystery P.I. - Curious Case of Counterfeit CoveMyWinLockerMyWinLocker 4MyWinLocker SuiteNexon Game ManagerNorton Online BackupNorton Online Backup ARANTI Media Maker 9Office AddinOGPlanet Game LauncherOpen Broadcaster SoftwarePando Media BoosterPeggle NightsPenguins!Plants vs. Zombies - Game of the YearPolar BowlerPolar GolferQualcomm Atheros Bluetooth Suite (64)Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverQualcomm Atheros WLAN and Bluetooth Client Installation ProgramQuickTimeRaidCallRazer Game BoosterRealtek High Definition Audio DriverRealtek PCIE Card ReaderROBLOX Player for CynSearch ProtectionShared C Run-time for x64ShredderSkype™ 6.6SpotifySteamTales of LagoonaTeamViewer 8TerrariaThe Sims™ 3The Sims™ 3 University LifeUpdate Installer for WildTangent Games AppVisual Studio 2005 Tools for Office Second Edition RuntimeVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)VLC media player 2.0.7WildTangent GamesWildTangent Games AppWindows 8 Codec Pack 2.0.1WinRAR 4.20 (32-bit)Zuma's Revenge.==== Event Viewer Messages From Past Week ========.8/18/2013 3:00:49 AM, Error: Service Control Manager [7031] - The TeamViewer 8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.8/18/2013 2:35:07 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).8/15/2013 11:38:13 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. 
It has done this 1 time(s).8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.8/15/2013 11:38:13 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service.8/14/2013 10:40:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.8/14/2013 10:40:18 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File ===========================MB Scan Log:Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.08.17.04 Windows 8 x64 NTFSInternet Explorer 10.0.9200.16660Cyn :: DEST [administrator] Protection: Enabled 8/18/2013 2:48:42 AMMBAM-log-2013-08-18 (02-57-13).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222939Time elapsed: 8 minute(s), 24 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 2HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> No action taken.HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Cyn\LOCALS~1\Temp\msiewoe.com -> No action taken. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  7. I found it with my Malwarebytes and I can't get rid of it. Also, before I found them I found backdoor.agent and trojan.agent.
  8. Dear Sir; About one week ago my internet connection became intermittent. Ran MalwareBytes showed above infections. Attempted to remove but reappeared. Internet connected for one day then not since. Tried removal with Ad Aware and Iobit Malware fighter. Those did not reappear but found and Quarantined Babylon (fs). Sometimes I can connect to the modem but not to DNS Server. Asking for help at this point. Thank You Bob L Saw in another forum that infection was rootkit requiring reformat. Like to avoid that.
  9. Hi, I need help to remove Trojan.Ransom and PUM.UserWLoad from my laptop. I detected it last 3 weeks and removed it but they are still in my computer. I've followed the I'm infected what should I do steps and have attached the DDS.txt and Attach.txt. Any help would be much appreciated. dds.txt attach.txt
  10. I am not really the smartest person when it comes to PC security. Waited months after my McAfee expired to install MSE and MalwareBytes over it, on the assumption that it would still protect me because despite the fact I could no longer scan with it, it still actively provided protection against attacks and trojans/viruses. Consequently, I am gifted with this disaster. MalwareBytes' first scan resulted with a whopping 11 trojans identified. Several of these related to Visual Basic Express, which I have grown to become extremely untrusting of. It was likely infected, as it commonly appeared under processes taking up around 50% CPU, and would eventually return after termination. Probably should have consulted someone before going ahead and removing them. Surprisingly, it seems that apparently 9 out of 11 of these trojans were successfully removed, as they no longer appeared in the scan upon reboot. Hopefully, because of this, they will be unimportant. Of course, the two that still appeared are PUM.UserWLoad and Trojan.Ransom. Some searching has shown that they are related, and are known to cause website compromises? I don't run a website, but two trojans on my computer is two trojans too many. Since they don't sound like keyloggers, I'm taking the risk to log in to the accounts I need to get this information around. I could very easily be wrong. Again, not the smartest with PC security. Let's hope THIS trojan doesn't result in the absolute hard drive wipe that the svchost one ended in... It is also my very first time confronting a forum of any kind concerning virus/trojan infections, so please be gentle when I have no idea what the hell I should be doing.
  11. I see a lot of people got the same virus, and it has been solved by different methods. So, I really need help to guide me to remove this virus. This is my Malwarebytes log. TQ Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.28.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 user :: USER-PC [administrator] Protection: Enabled 28-Apr-13 7:48:43 PM MBAM-log-2013-04-28 (21-59-56).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 513540 Time elapsed: 2 hour(s), 3 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\user\LOCALS~1\Temp\msvikizie.pif -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  12. Every time I run a Malwarebytes scan, I remove these two items but they show up again in the next scan. Is there a way to remove them fully from my system? Any help would be much appreciated.
  13. Repost, since I mistakenly posted this in the General Forum (sorry, admins, I'm panicked and haven't read all the rules here). Hi, I'm a newbie and am not computer savvy. Last night while using my laptop, I found out that since March 24th, my Avira antivirus's automatic update has failed and still won't update automatically. Since I had just got a BSoD on the same day, I thought maybe it was because I did the System Recovery. So then I did the update manually and, for safety, I ran it. It came back with 2 viruses, whose names I really forgot since I just clicked remove. Then I ran Malwarebytes and found 2 trojans/viruses: Trojan.Ransom and PUM.UserWLoad. I removed them right away. After restarting my computer, I ran HitmanPro and Malwarebytes again. HitmanPro came back clean, but in Malwarebytes, those 2 were back again. I removed them, restarted my computer and scanned it again, and both Trojan.Ransom and PUM.UserWLoad keep coming back. I have done it 3 times. I have uninstalled Avira (since it still failed to automatically update) and installed Avast, and I have also installed RogueKiller. Here are the results: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.29.01 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 maria :: MARIA-PC [administrator] 3/29/2013 12:20:07 PM mbam-log-2013-03-29 (12-20-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 191348 Time elapsed: 4 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\maria\LOCALS~1\Temp\msoufzi.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I ran RogueKiller, here's the result : RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : maria [Admin rights] Mode : Scan -- Date : 03/29/2013 12:28:55 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 12 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : Insomnia Live (C:\Users\maria\qzcxotl.exe) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Run : QzcxOTlGRkZFNjg4RjVGQ0 (C:\ProgramData\kmmmoanh.exe) [x] -> FOUND [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND [sHELL][sUSP PATH] HKUS\S-1-5-21-3632183951-932135029-350098339-1000[...]\Windows : Load (C:\Users\maria\Local Settings\Temp\msoufzi.bat) [x] -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{756A48EC-DCE8-4153-B027-94306FA03BCE} : NameServer (202.134.0.155,208.67.222.222) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND 
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9250315AS ATA Device +++++ --- User --- [MBR] 428f8d519c5427dc22265cec51d1a069 [bSP] c8496c40e90cbc7dfd19b1c9015414c6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 49900 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102402048 | Size: 188472 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03292013_02d1228.txt >> RKreport[1]_S_03292013_02d1228.txt Please help me. and pardon me for my poor English. Attached Files dds.txt attach.txt RKreport1_S_03292013_02d1228.txt
  14. Hello, I scanned the computer with Malwarebytes recently and it found just one thing: PUM.UserWLoad. I have since scanned it a couple more times and was trying to remove the trojan with Malwarebytes, but PUM.UserWLoad remains. Please see my most recent Full scan results below:
      Malwarebytes Anti-Malware 1.70.0.1100
      www.malwarebytes.org
      Database version: v2013.03.10.01
      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      Agnieszka :: AGNIESZKA-DELL [administrator]
      16/03/2013 10:57:48
      MBAM-log-2013-03-16 (15-10-30).txt
      Scan type: Full scan (C:\|D:\|Q:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 494679
      Time elapsed: 3 hour(s), 6 minute(s), 8 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\AGNIES~1\LOCALS~1\Temp\rpsgoab.exe -> No action taken.
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
      Thank you, yaga1977
  15. Hello, I am infected with TrojanRansom and PUM.UserWLoad. Malwarebytes detects them but it does not seem to remove them. I've run Malwarebytes, selected to remove them, rebooted, run Malwarebytes again without doing anything else and they are detected again. I greatly appreciate any help you can give me. attach.txt dds.txt
  16. Please help me with my computer..... Malwarebytes detected PUM.UserWLoad & Trojan.Ransom! My AVG anti-virus and Advanced System Care did not catch it before it infected my computer. I have run all program scans including Malwarebytes and I cannot get rid of it. The computer is running slow, displaying registry errors and randomly shutting down. Any help would be greatly appreciated! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2 Run by poison ivy at 2:49:43 on 2013-03-03 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2373 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe C:\Windows\system32\agr64svc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\SMINST\BLService.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe 
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\dcmsvc\dcmsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\osk.exe C:\Windows\hh.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ie uSearch Bar = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uSearch Page = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://search.gboxapp.com/ mDefault_Page_URL = hxxp://www.yahoo.com/ uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll uWindows: Load = C:\Users\POISON~1\LOCALS~1\Temp\mssoxak.bat BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned> BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: <No Name>: 
{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Google Update] "C:\Users\poison ivy\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart uRunServices: [JavaFXStudio1.0.0.1] c:\users\poison ivy\appdata\locallow\sun\java\deployment\systemcache\6.0\46\f84c6ae-7b21986b-n\visualmsvcr71.exe mRun: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [TSMAgent] 
"C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [dcmsvc] "C:\Program Files (x86)\dcmsvc\dcmsvc.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 24.159.64.23 24.217.201.67 24.177.176.38 TCP: Interfaces\{7FAE03DA-EBA4-4CAD-967A-917A019D5615} : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38 Handler: linkscanner - <Clsid value has no data> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-mStart Page = 
hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab x64-Handler: linkscanner - <Clsid value has no data> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\poison ivy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943&q= FF - user.js: extensions.funmoods.id - 00242B47A1FC9B86 FF - user.js: extensions.funmoods.instlDay - 15542 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.222:8:35 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: 
network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-7 465216] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2012-1-22 89088] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 
361984] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-23 805752] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-21 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-6 682344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-23 365952] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208] R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320] R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-21 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176] R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-23 228408] R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys 
[2008-1-24 60928] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-6 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-1-30 26168] S1 bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Windows\System32\drivers\BdfNdisf6.sys [2009-7-17 87048] S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-12-25 128912] S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-13 89920] . =============== File Associations =============== . 
  17. This may be a duplicate. First-time poster and I don't see my thread built. Reposting. I am unable to remove Trojan.Ransom & PUM.UserWLoad. Each time I run Malwarebytes it shows up; I remove, restart, and rescan and it's there again. attach.txt dds.txt
  18. Hi I'm having a similar problem to this thread where I'm unable to remove Trojan.Ransom and PUM.UserWLoad upon restart with Malwarebytes. I've created the DDS files which I've attached. I appreciate any help you may provide on this! dds.txt attach.txt
  19. I'm running Windows Vista. Malwarebytes free version detected PUM.UserWLoad and Trojan.Ransom, however cannot delete them. I've attached the log. I've seen numerous posts with the same problem, all seem to have been sorted with your help. Please assist me!!! I'm not very experienced with solving computer problems, so your assistance and patience is appreciated. Many thanks in advance! MBAM-log-2013-01-24 (14-21-06).txt
  20. Hi, This is a new post for me but isn't new for all of you; it seems like many people are experiencing the same PUM.UserWLoad + Trojan.Ransom problem. I'm on an HP running Vista. Last week I did an updated Malwarebytes scan and nothing came up. I have two firewalls running and I have not had any malware, etc. for more than a year. Two evenings ago however I found the PUM + Trojan.Ransom. I have looked online some but decided this was the best option. I can find the registry for the sucker at HKCU\Software\Microsoft\WindowsNT\CurrentVersion\Windows|Load and the 'data' for it is C:\Users\HP_User\Locals~1\Temp\mslaaicx.com. However, I can't erase the registry just like Malwarebytes can't. I know there are also exe and/or dll files that need to be erased, but don't know which to erase. I appreciate all of the help you can give me. It seems looking at the other threads that you have been able to help others with the same problem. Thanks much in advance, M&M I ran a full search (1+ hours) last night of MalwareBytes, updated version, and found the PUM, the Trojan.ransom and a java-related malware bug hiding around. I was able to delete the third (java) one, but the PUM.UserWLoad and Trojan.r are still there. Also, an interesting thing is that when I have restarted the computer after doing Malwarebytes scans (did it in normal mode a couple of times and safe mode once) you can actually see this @#$%@ bug at the bottom in the task bar... it has a 'bar' (I don't know what else to call it) that looks like it's black screen with white text... command prompt type stuff... and its name is the C:\Users\ HP_Users\... whatever. It doesn't hide very well if it's visible somehow lol. But it disappears in a few seconds. 
btw, here is the most recent MalwareBytes quick search (with updated info; not out of date) log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.23.10
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
HP_USER :: HP_USER-PC [administrator]

1/24/2013 1:50:17 PM
mbam-log-2013-01-24 (13-50-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270451
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\HP_USER\LOCALS~1\Temp\mslaaicx.com -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\HP_USER\LOCALS~1\Temp\mslaaicx.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  21. Hi all, I'm new here - Happy New Year! I was wondering if anyone would be kind enough to offer me some help. Recently I encountered that terrible PCEU LockScreen virus (like the FBI LockScreen virus except for the UK). I ran Malwarebytes Anti-Malware a few times as well as Emsisoft Emergency Kit in line with some instructions I found online. This seemed to remove the virus and my AVG virus scanner then found no problems at all. However, when I reactivated the internet and started browsing, after a few minutes of trouble free browsing the LockScreen was back! I have now disabled internet access. Today I ran Malwarebytes Anti-Malware again and it detected 1 problem under "Registry Values". The following entry showed up: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Rob\Locals~1\Temp\mskqtkejf.pif At this point I decided not to delete it and searched help on Google. I came across an entry on this forum for a similar problem and, although I'm really not a technical guy, I have been following your very helpful instructions. As per the other thread, I downloaded Combofix onto my desktop, disabled my firewall and anti-virus software, closed all other programs and ran Combofix. It ran successfully and then rebooted my computer. Combofix then posted a log - I have attached this for your information. The only thing that is worrying me slightly is that, whilst everything appears normal superficially, if I double click on any programme files or Word, PDF, or similar, a window opens with the message "Illegal operation attempted on a registry key that has been marked for deletion". I thought this was a good time to pause everything and seek further help from someone much wiser than me! As I am concerned about this "marked for deletion" message, I am going to leave my laptop switched on and prevent it from re-booting just in case it destroys my PC!!! Any help and advice you could offer would be massively appreciated! 
Hope to hear from someone soon. Many thanks. ComboFix.txt
  22. Hi, Recently I noticed two trojans that came up during a Malwarebytes scan, PUM.UserWLoad, and Trojan.Ransom. I have the free version of Malwarebytes, and cannot seem to get rid of these two trojans. I have used both the remove feature inside of Malwarebytes as well as the Malwarebytes Chameleon Software, neither of which have been able to remove anything after five attempts. Any help would be greatly appreciated!!!
  23. My Malware Bytes scan has been coming up with PUM.UserWLoad and Trojan.Ransom. When I click remove selected and reboot my computer, the two still come up in the scan. Both come under the category "Registry Value". Here is my log: (I am not sure if I am supposed to post the other log because it says not to unless instructed)
----a-w- C:\Windows\System32\sdnclean64.exe 2012-12-02 21:15:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2 2012-12-02 21:15:03 -------- d-----w- C:\Users\Amy\AppData\Local\Programs . ==================== Find3M ==================== . 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-08 16:23:49 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-11 02:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll 2012-10-11 02:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll 2012-10-11 02:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll 2012-10-11 02:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll 2012-10-11 02:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll 2012-10-11 02:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll 2012-10-11 02:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys 2012-10-11 
02:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll 2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll 2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 5:01:02.89 ===============
  24. Had FBI ransom virus. Seems to have been removed successfully, but Malwarebytes reports the PUM.UserWLoad virus: "Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\OURLAP~1\LOCALS~1\Temp\msaxuiyes.exe -> Delete on reboot." Have run scan and rebooted several times, same results, registry not deleted. Have run the scan (Malwarebytes and AVG) in normal and safe mode with the reboot, same results. AVG does not detect any problems. Windows 7 Home Premium 64-bit. Help with removal will be greatly appreciated. M
  25. Hello, I'm a newbie when it comes to serious problems with my computer. I already ran AVG 2013 and Malwarebytes to try solving the issue, but the viruses continue to come back and are not permanently deleted. Any help with this issue would be greatly appreciated. I ran the DDS with the results attached below. dds.txt attach.txt