FrysGIRL Posted November 23, 2011 ID:497402 Share Posted November 23, 2011 I recently got infected with Security Protection 2012. So, whenever I try to access google.com or other various websites, it tells me "Your PC is Infected!You can loose all your Secure data from bank details toe-mail or social network password:Please activate System Protection 2012 toREMOVE Infection from your PC."I followed the instructions in the removal guide but when I scan with malwarebytes, it tells me that it can't detect any malicious software. Any help would be great, thanks!DDS.txt Link to post Share on other sites More sharing options...
Staff screen317 Posted November 27, 2011 Staff ID:498512 Share Posted November 27, 2011 Hi and welcome to Malwarebytes. In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log. Next, run DDS again and post DDS.txt directly in your reply. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 6, 2011 Staff ID:502034 Share Posted December 6, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
FrysGIRL Posted December 7, 2011 Author ID:502107 Share Posted December 7, 2011 Thanks for your response. Yes, I am still here. For whatever reason, I wasn't receiving e-mail notifications that you had replied. To keep you updated, the pop-ups and the redirects have gotten worse. Every other time I click on a link, I get redirected. Here is my MWB log.Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8325Windows 6.1.7601 Service Pack 1Internet Explorer 9.0.8112.1642112/6/2011 08:44:52 PMmbam-log-2011-12-06 (20-44-52).txtScan type: Quick scanObjects scanned: 174725Time elapsed: 2 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)*** and here is the DDS log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by TIM at 20:47:28 on 2011-12-06Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2066 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\ActivIdentity\ActivClient\acevents.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\windows\system32\svchost.exe -k bthsvcsC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\windows\SysWOW64\Rezip.exeC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\windows\system32\svchost.exe -k imgsvcC:\windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\windows\system32\svchost.exe -k bthaudiosvcC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\taskeng.exeC:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exeC:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exeC:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exeC:\windows\System32\rundll32.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files\iPod\bin\iPodService.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\windows\system32\svchost.exe -k SDRSVCC:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\PROGRA~2\Java\jre6\bin\jp2launcher.exeC:\Program Files (x86)\Java\jre6\bin\java.exeC:\windows\system32\conhost.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\windows\sysWOW64\wbem\wmiprvse.exeC:\Users\TIM\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\windows\system32\notepad.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe.exeC:\windows\SysWOW64\NOTEPAD.EXEC:\windows\SysWOW64\ping.exeC:\windows\system32\conhost.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\DllHost.exeC:\windows\system32\DllHost.exeC:\windows\SysWOW64\cmd.exeC:\windows\system32\conhost.exeC:\windows\SysWOW64\cscript.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsnuInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exe,BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dlluRun: [Google Update] "C:\Users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exemRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: Free YouTube to MP3 Converter - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllLSP: mswsock.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A} : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\2456C6B696E6F574F575962756C6563737F5349393541453 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\6596374716027596649602D2022302 : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\A416764516C6B6027457563747 : DhcpNameServer = 10.30.224.20 10.40.224.20 10.20.224.20TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\F466669636560275966496 : DhcpNameServer = 10.0.0.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun-x64: [(Default)] mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm.================= FIREFOX ===================.FF - ProfilePath - C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\fj2uev7m.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\TIM\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Users\TIM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\TIM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]R2 HFGService;Handsfree Headset Service;C:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-3 1153368]R3 BthAudioHF;BthAudioHF Service;C:\windows\system32\DRIVERS\BthAudioHF.sys --> C:\windows\system32\DRIVERS\BthAudioHF.sys [?]R3 BthAvrcp;Bluetooth AVRCP Profile;C:\windows\system32\DRIVERS\BthAvrcp.sys --> C:\windows\system32\DRIVERS\BthAvrcp.sys [?]R3 csr_a2dp;Bluetooth AV Profile;C:\windows\system32\drivers\bthav.sys --> C:\windows\system32\drivers\bthav.sys [?]R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]S3 GKUPRO2D;GKUPRO2D;C:\windows\system32\Drivers\GKUPRO2D.sys --> C:\windows\system32\Drivers\GKUPRO2D.sys [?]S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\system32\DRIVERS\S3XXx64.sys --> C:\windows\system32\DRIVERS\S3XXx64.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]SUnknown jpzhzgae;jpzhzgae; [x].=============== Created Last 30 ================.2011-12-07 01:40:46 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys2011-12-06 22:03:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F2EBC80-AE54-469E-BC9E-2266AD07D4E3}\offreg.dll2011-12-06 22:03:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F2EBC80-AE54-469E-BC9E-2266AD07D4E3}\mpengine.dll2011-12-04 00:43:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-12-04 00:43:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-11-27 05:04:05 111616 ----a-w- C:\windows\SysWow64\N0V0SuxhO.com_2011-11-27 04:52:47 -------- d-----we C:\windows\system642011-11-23 04:01:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-11-22 05:52:48 -------- d-----w- C:\ProgramData\Malwarebytes2011-11-22 05:16:12 -------- d-----w- C:\Program Files (x86)\GFI Software2011-11-22 04:59:11 691 ----a-w- C:\Users\TIM\AppData\Roaming\GetValue.vbs2011-11-22 04:59:11 35 ----a-w- C:\Users\TIM\AppData\Roaming\SetValue.bat2011-11-22 04:59:11 2372 ----a-w- C:\windows\SysWow64\tmp.reg2011-11-22 02:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools2011-11-22 02:45:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security2011-11-22 02:44:54 -------- d-----w- C:\ProgramData\PC Tools2011-11-21 21:24:03 -------- d-----w- C:\Program Files\iTunes2011-11-21 21:24:03 -------- d-----w- C:\Program Files\iPod2011-11-21 05:30:26 -------- d-----w- C:\Users\TIM\AppData\Roaming\Malwarebytes2011-11-21 05:29:14 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE2011-11-21 05:29:10 25416 ----a-w- C:\windows\System32\drivers\mbam.sys2011-11-21 05:16:28 -------- d-----w- C:\Users\TIM\AppData\Roaming\yhhYYXwjUVelBtP2011-11-21 05:16:28 -------- d-----w- C:\Users\TIM\AppData\Roaming\JHHH5sQQJ7dK8RZ2011-11-21 05:16:26 -------- d-----w- C:\Users\TIM\AppData\Roaming\TK77ffEL9gTZjYw2011-11-21 05:16:25 -------- d-----w- C:\Users\TIM\AppData\Roaming\Y00uuvS22iF3pG52011-11-21 05:16:25 -------- d-----w- C:\Users\TIM\AppData\Roaming\mjjjYCCekI2011-11-21 05:16:23 -------- d-----w- C:\Users\TIM\AppData\Roaming\GeeellOBtzP0c2011-11-21 05:16:21 -------- d-----w- C:\Users\TIM\AppData\Roaming\jbbDD3ppnG4QHsW2011-11-19 16:33:03 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll2011-11-19 16:33:03 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll2011-11-19 16:33:03 3144704 ----a-w- C:\windows\System32\win32k.sys2011-11-19 16:33:03 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2011-11-19 16:28:41 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-03 10:06:03 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll.============= FINISH: 20:50:31.13 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted December 13, 2011 Staff ID:504320 Share Posted December 13, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
FrysGIRL Posted December 15, 2011 Author ID:505129 Share Posted December 15, 2011 Alright, here is the combofix log and the new DDS log. Thanks.ComboFix log:ComboFix 11-12-13.03 - TIM 12/14/2011 19:59:13.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2269 [GMT -5:00]Running from: c:\users\TIM\Downloads\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\users\TIM\AppData\Roaming\Adobe\plugsc:\users\TIM\AppData\Roaming\inst.exec:\users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011c:\windows\system32\consrv.dllc:\windows\System64c:\windows\SysWow64\404Fix.exec:\windows\SysWow64\Agent.OMZ.Fix.exec:\windows\SysWow64\dumphive.exec:\windows\SysWow64\IEDFix.C.exec:\windows\SysWow64\IEDFix.exec:\windows\SysWow64\o4Patch.exec:\windows\SysWow64\Process.exec:\windows\SysWow64\SrchSTS.exec:\windows\SysWow64\tmp.regc:\windows\SysWow64\VACFix.exec:\windows\SysWow64\VCCLSID.exec:\windows\SysWow64\WS2Fix.exe..((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))..2011-12-15 01:06 . 2011-12-15 01:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC826F76-8BBB-4018-BD51-A375A972B298}\offreg.dll2011-12-15 01:05 . 2011-12-15 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp2011-12-13 07:19 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC826F76-8BBB-4018-BD51-A375A972B298}\mpengine.dll2011-12-04 00:43 . 2011-12-04 01:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy2011-12-04 00:43 . 2011-12-04 01:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy2011-12-02 21:45 . 2011-12-02 21:45 -------- d-----w- c:\program files (x86)\Common Files\Java2011-11-27 05:04 . 2011-11-27 05:06 111616 ----a-w- c:\windows\SysWow64\N0V0SuxhO.com_2011-11-23 04:01 . 2011-12-02 17:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-11-22 05:52 . 2011-11-22 05:52 -------- d-----w- c:\programdata\Malwarebytes2011-11-22 05:16 . 2011-11-22 05:16 -------- d-----w- c:\program files (x86)\GFI Software2011-11-22 04:59 . 2011-11-22 05:05 35 ----a-w- c:\users\TIM\AppData\Roaming\SetValue.bat2011-11-22 04:59 . 2011-11-22 05:05 691 ----a-w- c:\users\TIM\AppData\Roaming\GetValue.vbs2011-11-22 03:17 . 2011-11-22 03:17 -------- d-----w- c:\windows\Sun2011-11-22 02:46 . 2011-11-22 05:01 -------- d-----w- c:\program files (x86)\Common Files\PC Tools2011-11-22 02:45 . 2011-11-22 05:01 -------- d-----w- c:\program files (x86)\PC Tools Security2011-11-22 02:44 . 2011-11-22 03:05 -------- d-----w- c:\programdata\PC Tools2011-11-21 21:24 . 2011-11-21 21:24 -------- d-----w- c:\program files\iTunes2011-11-21 21:24 . 2011-11-21 21:24 -------- d-----w- c:\program files\iPod2011-11-21 05:30 . 2011-11-21 05:30 -------- d-----w- c:\users\TIM\AppData\Roaming\Malwarebytes2011-11-21 05:29 . 2011-11-23 03:58 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE2011-11-21 05:29 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\yhhYYXwjUVelBtP2011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\JHHH5sQQJ7dK8RZ2011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\TK77ffEL9gTZjYw2011-11-21 05:16 . 2011-11-21 05:44 -------- d-----w- c:\users\TIM\AppData\Roaming\mjjjYCCekI2011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\Y00uuvS22iF3pG52011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\GeeellOBtzP0c2011-11-21 05:16 . 2011-11-21 05:16 -------- d-----w- c:\users\TIM\AppData\Roaming\jbbDD3ppnG4QHsW2011-11-19 16:33 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2011-11-19 16:33 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2011-11-19 16:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-19 16:33 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys2011-11-19 16:28 . 2011-11-19 16:28 -------- d-----w- c:\windows\system32\Macromed...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-19 16:28 . 2011-06-05 20:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-05 21:56 . 2011-11-05 21:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2011-10-31 06:46 . 2011-10-31 06:46 2189 ----a-w- c:\users\TIM\AppData\Local\TempfixPerms.vbs2011-10-03 10:06 . 2010-06-18 00:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll.<pre>c:\program files (x86)\eGames\Puzzle Master Autumn\Uninstall Puzzle Master Autumn .exe</pre>.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"HFALoader"="c:\program files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2011-10-11 2318336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [x]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]..Contents of the 'Scheduled Tasks' folder.2011-12-14 c:\windows\Tasks\At10.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At12.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At14.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At16.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At18.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At2.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At20.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At22.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At24.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At26.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At28.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At30.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At32.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At34.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-15 c:\windows\Tasks\At36.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-15 c:\windows\Tasks\At38.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At4.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-15 c:\windows\Tasks\At40.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At42.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At44.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At46.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At48.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At6.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\At8.job- c:\windows\system32\N0V0SuxhO.com_ [2011-11-27 05:06].2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171278125-3003510731-1154975722-1001Core.job- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 23:21].2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171278125-3003510731-1154975722-1001UA.job- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 23:21].2011-11-22 c:\windows\Tasks\SidebarExecute.job- c:\program files\Windows Sidebar\sidebar.exe [2011-05-31 13:25]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [N/A]"(Default)"="" [N/A]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 16413288]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]"combofix"="c:\combofix\CF23629.3XE" [2010-11-20 345088].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000IE: Free YouTube to MP3 Converter - c:\users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 10.0.0.1FF - ProfilePath - c:\users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\fj2uev7m.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)SafeBoot-mcmscsvcSafeBoot-MCODSToolbar-Locked - (no file)AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{E85781E1-08F4-413E-86A1-CCEF4E1B12CB}\Best Buy Software Installer Setup.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exec:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exec:\program files (x86)\CyberLink\Shared files\RichVideo.exe.**************************************************************************.Completion time: 2011-12-14 20:13:31 - machine was rebootedComboFix-quarantined-files.txt 2011-12-15 01:13.Pre-Run: 360,972,193,792 bytes freePost-Run: 360,920,395,776 bytes free.- - End Of File - - 92500F2FD62C873AEC5A9992479EF2CE*** Now the new DDS log***.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by TIM at 21:50:13 on 2011-12-14Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2462 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\nvvsvc.exeC:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ActivIdentity\ActivClient\acevents.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\windows\system32\taskeng.exeC:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exeC:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exeC:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\windows\system32\svchost.exe -k bthsvcsC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\windows\system32\svchost.exe -k bthaudiosvcC:\windows\SysWOW64\Rezip.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\windows\system32\svchost.exe -k imgsvcC:\windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\iPod\bin\iPodService.exeC:\windows\system32\SearchIndexer.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\windows\system32\DllHost.exeC:\windows\system32\svchost.exe -k SDRSVCC:\windows\system32\taskeng.exeC:\windows\system32\taskhost.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\windows\system32\DllHost.exeC:\windows\system32\DllHost.exeC:\windows\system32\DllHost.exeC:\windows\SysWOW64\cmd.exeC:\windows\system32\conhost.exeC:\windows\SysWOW64\cscript.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FileBHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dlluRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: Free YouTube to MP3 Converter - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A} : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\2456C6B696E6F574F575962756C6563737F5349393541453 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\6596374716027596649602D2022302 : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\A416764516C6B6027457563747 : DhcpNameServer = 10.30.224.20 10.40.224.20 10.20.224.20TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\F466669636560275966496 : DhcpNameServer = 10.0.0.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm.================= FIREFOX ===================.FF - ProfilePath - C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\fj2uev7m.default\FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\TIM\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Users\TIM\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\TIM\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]R2 HFGService;Handsfree Headset Service;C:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-3 1153368]R3 BthAudioHF;BthAudioHF Service;C:\windows\system32\DRIVERS\BthAudioHF.sys --> C:\windows\system32\DRIVERS\BthAudioHF.sys [?]R3 BthAvrcp;Bluetooth AVRCP Profile;C:\windows\system32\DRIVERS\BthAvrcp.sys --> C:\windows\system32\DRIVERS\BthAvrcp.sys [?]R3 csr_a2dp;Bluetooth AV Profile;C:\windows\system32\drivers\bthav.sys --> C:\windows\system32\drivers\bthav.sys [?]R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]S3 GKUPRO2D;GKUPRO2D;C:\windows\system32\Drivers\GKUPRO2D.sys --> C:\windows\system32\Drivers\GKUPRO2D.sys [?]S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\system32\DRIVERS\S3XXx64.sys --> C:\windows\system32\DRIVERS\S3XXx64.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-12-15 02:18:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC826F76-8BBB-4018-BD51-A375A972B298}\offreg.dll2011-12-15 02:17:52 -------- d-sh--w- C:\$RECYCLE.BIN2011-12-15 00:58:07 98816 ----a-w- C:\windows\sed.exe2011-12-15 00:58:07 518144 ----a-w- C:\windows\SWREG.exe2011-12-15 00:58:07 256000 ----a-w- C:\windows\PEV.exe2011-12-15 00:58:07 208896 ----a-w- C:\windows\MBR.exe2011-12-15 00:58:03 -------- d-----w- C:\ComboFix2011-12-13 07:19:29 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC826F76-8BBB-4018-BD51-A375A972B298}\mpengine.dll2011-12-04 00:43:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-12-04 00:43:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-11-27 05:04:05 111616 ----a-w- C:\windows\SysWow64\N0V0SuxhO.com_2011-11-23 04:01:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-11-22 05:52:48 -------- d-----w- C:\ProgramData\Malwarebytes2011-11-22 05:16:12 -------- d-----w- C:\Program Files (x86)\GFI Software2011-11-22 04:59:11 691 ----a-w- C:\Users\TIM\AppData\Roaming\GetValue.vbs2011-11-22 04:59:11 35 ----a-w- C:\Users\TIM\AppData\Roaming\SetValue.bat2011-11-22 02:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools2011-11-22 02:45:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security2011-11-22 02:44:54 -------- d-----w- C:\ProgramData\PC Tools2011-11-21 21:24:03 -------- d-----w- C:\Program Files\iTunes2011-11-21 21:24:03 -------- d-----w- C:\Program Files\iPod2011-11-21 05:30:26 -------- d-----w- C:\Users\TIM\AppData\Roaming\Malwarebytes2011-11-21 05:29:14 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE2011-11-21 05:29:10 25416 ----a-w- C:\windows\System32\drivers\mbam.sys2011-11-21 05:16:28 -------- d-----w- C:\Users\TIM\AppData\Roaming\yhhYYXwjUVelBtP2011-11-21 05:16:28 -------- d-----w- C:\Users\TIM\AppData\Roaming\JHHH5sQQJ7dK8RZ2011-11-21 05:16:26 -------- d-----w- C:\Users\TIM\AppData\Roaming\TK77ffEL9gTZjYw2011-11-21 05:16:25 -------- d-----w- C:\Users\TIM\AppData\Roaming\Y00uuvS22iF3pG52011-11-21 05:16:25 -------- d-----w- C:\Users\TIM\AppData\Roaming\mjjjYCCekI2011-11-21 05:16:23 -------- d-----w- C:\Users\TIM\AppData\Roaming\GeeellOBtzP0c2011-11-21 05:16:21 -------- d-----w- C:\Users\TIM\AppData\Roaming\jbbDD3ppnG4QHsW2011-11-19 16:33:03 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll2011-11-19 16:33:03 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll2011-11-19 16:33:03 3144704 ----a-w- C:\windows\System32\win32k.sys2011-11-19 16:33:03 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2011-11-19 16:28:41 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-03 10:06:03 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll.============= FINISH: 21:51:37.20 =============== Link to post Share on other sites More sharing options...
Staff screen317 Posted December 19, 2011 Staff ID:506442 Share Posted December 19, 2011 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:AtJob::KILLALL::Save this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
FrysGIRL Posted December 21, 2011 Author ID:507737 Share Posted December 21, 2011 Alrighty, here is the new ComboFix logComboFix 11-12-21.02 - TIM 12/21/2011 16:34:24.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2507 [GMT -5:00]Running from: c:\users\TIM\Desktop\ComboFix.exeCommand switches used :: c:\users\TIM\Desktop\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\Tasks\At10.jobc:\windows\Tasks\At12.jobc:\windows\Tasks\At14.jobc:\windows\Tasks\At16.jobc:\windows\Tasks\At18.jobc:\windows\Tasks\At2.jobc:\windows\Tasks\At20.jobc:\windows\Tasks\At22.jobc:\windows\Tasks\At24.jobc:\windows\Tasks\At26.jobc:\windows\Tasks\At28.jobc:\windows\Tasks\At30.jobc:\windows\Tasks\At32.jobc:\windows\Tasks\At34.jobc:\windows\Tasks\At36.jobc:\windows\Tasks\At38.jobc:\windows\Tasks\At4.jobc:\windows\Tasks\At40.jobc:\windows\Tasks\At42.jobc:\windows\Tasks\At44.jobc:\windows\Tasks\At46.jobc:\windows\Tasks\At48.jobc:\windows\Tasks\At6.jobc:\windows\Tasks\At8.job..((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))..2011-12-21 21:41 . 2011-12-21 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp2011-12-14 21:27 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll2011-12-14 21:27 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys2011-12-14 21:26 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll2011-12-14 21:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll2011-12-14 21:26 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll2011-12-14 21:26 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll2011-12-04 00:43 . 2011-12-04 01:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy2011-12-04 00:43 . 2011-12-04 01:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy2011-12-02 21:45 . 2011-12-02 21:45 -------- d-----w- c:\program files (x86)\Common Files\Java2011-11-27 05:04 . 2011-11-27 05:06 111616 ----a-w- c:\windows\SysWow64\N0V0SuxhO.com_2011-11-23 04:01 . 2011-12-02 17:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-11-22 05:52 . 2011-11-22 05:52 -------- d-----w- c:\programdata\Malwarebytes2011-11-22 05:16 . 2011-11-22 05:16 -------- d-----w- c:\program files (x86)\GFI Software2011-11-22 04:59 . 2011-11-22 05:05 35 ----a-w- c:\users\TIM\AppData\Roaming\SetValue.bat2011-11-22 04:59 . 2011-11-22 05:05 691 ----a-w- c:\users\TIM\AppData\Roaming\GetValue.vbs2011-11-22 03:17 . 2011-11-22 03:17 -------- d-----w- c:\windows\Sun2011-11-22 02:46 . 2011-11-22 05:01 -------- d-----w- c:\program files (x86)\Common Files\PC Tools2011-11-22 02:45 . 2011-11-22 05:01 -------- d-----w- c:\program files (x86)\PC Tools Security2011-11-22 02:44 . 2011-11-22 03:05 -------- d-----w- c:\programdata\PC Tools...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-21 21:42 . 2011-12-21 21:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE939DF5-267A-4691-A727-2C2A0E9BF38B}\offreg.dll2011-11-21 11:40 . 2011-12-20 19:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE939DF5-267A-4691-A727-2C2A0E9BF38B}\mpengine.dll2011-11-19 16:28 . 2011-06-05 20:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-05 21:56 . 2011-11-05 21:56 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2011-10-31 06:46 . 2011-10-31 06:46 2189 ----a-w- c:\users\TIM\AppData\Local\TempfixPerms.vbs2011-10-03 10:06 . 2010-06-18 00:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll2011-09-29 16:29 . 2011-11-19 16:33 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys.<pre>c:\program files (x86)\eGames\Puzzle Master Autumn\Uninstall Puzzle Master Autumn .exe</pre>.((((((((((((((((((((((((((((( SnapShot@2011-12-15_01.06.50 ))))))))))))))))))))))))))))))))))))))))).- 2010-06-19 22:31 . 2011-10-13 07:01 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 35088 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\oisicon.exe- 2010-06-19 22:31 . 2011-10-13 07:01 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 18704 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\mspicons.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe- 2010-06-19 22:31 . 2011-10-13 07:01 20240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\cagicon.exe+ 2011-12-15 18:15 . 2011-12-15 18:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe- 2011-09-16 19:41 . 2011-09-16 19:41 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe- 2011-12-15 01:06 . 2011-12-15 01:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-12-21 21:42 . 2011-12-21 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2011-12-15 01:06 . 2011-12-15 01:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2011-12-21 21:42 . 2011-12-21 21:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 05:01 . 2011-12-21 21:41 376836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2011-12-15 01:05 376836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2010-06-19 22:31 . 2011-10-13 07:01 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 888080 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\wordicon.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe- 2010-06-19 22:31 . 2011-10-13 07:01 922384 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\pptico.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe- 2010-06-19 22:31 . 2011-10-13 07:01 845584 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\outicon.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe- 2010-06-19 22:31 . 2011-10-13 07:01 217864 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\misc.exe+ 2011-12-15 18:15 . 2011-12-15 18:15 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll+ 2010-10-28 14:48 . 2011-12-21 21:41 2794008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171278125-3003510731-1154975722-1001-8192.dat- 2010-10-28 14:48 . 2011-12-15 01:05 2794008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171278125-3003510731-1154975722-1001-8192.dat- 2011-06-05 03:37 . 2011-12-15 01:05 8437056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171278125-3003510731-1154975722-1001-4096.dat+ 2011-06-05 03:37 . 2011-12-15 18:30 8437056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2171278125-3003510731-1154975722-1001-4096.dat+ 2011-11-01 18:34 . 2011-11-01 18:34 1552384 c:\windows\Installer\3690d56.msp+ 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\3690d4e.msp+ 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\3690d2c.msp+ 2011-11-11 21:14 . 2011-11-11 21:14 9096192 c:\windows\Installer\3690d1b.msp+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\3690cfb.msp+ 2011-11-11 21:15 . 2011-11-11 21:15 1795584 c:\windows\Installer\3690cf3.msp+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\3690cd3.msp- 2010-06-19 22:31 . 2011-10-13 07:01 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe+ 2010-06-19 22:31 . 2011-12-15 18:15 1172240 c:\windows\Installer\{91120000-0012-0000-0000-0000000FF1CE}\xlicons.exe+ 2009-04-02 17:14 . 2009-04-02 17:14 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119210000000000000000F01FEC\12.0.6425\GRAPH.EXE.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]"HFALoader"="c:\program files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe" [2011-10-11 2318336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [x]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-20 03:49 146928]S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]..Contents of the 'Scheduled Tasks' folder.2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171278125-3003510731-1154975722-1001Core.job- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 23:21].2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171278125-3003510731-1154975722-1001UA.job- c:\users\TIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 23:21].2011-11-22 c:\windows\Tasks\SidebarExecute.job- c:\program files\Windows Sidebar\sidebar.exe [2011-05-31 13:25]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [N/A]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 16413288]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000IE: Free YouTube to MP3 Converter - c:\users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 10.0.0.1FF - ProfilePath - c:\users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\fj2uev7m.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exec:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exec:\program files (x86)\CyberLink\Shared files\RichVideo.exe.**************************************************************************.Completion time: 2011-12-21 16:48:50 - machine was rebootedComboFix-quarantined-files.txt 2011-12-21 21:48ComboFix2.txt 2011-12-15 01:13.Pre-Run: 357,852,164,096 bytes freePost-Run: 357,779,759,104 bytes free.- - End Of File - - CB92D747A5E1B05F15B721E7443CCC0C***And now the new DDS log***.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29Run by TIM at 18:29:35 on 2011-12-21Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2610 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\nvvsvc.exeC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\nvvsvc.exeC:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ActivIdentity\ActivClient\acevents.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\windows\system32\taskeng.exeC:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exeC:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exeC:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\windows\system32\svchost.exe -k bthsvcsC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\windows\SysWOW64\Rezip.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\windows\system32\svchost.exe -k imgsvcC:\windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\windows\system32\svchost.exe -k bthaudiosvcC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\iPod\bin\iPodService.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\system32\DllHost.exeC:\windows\system32\svchost.exe -k SDRSVCC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\taskeng.exeC:\windows\system32\taskeng.exeC:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\windows\system32\msiexec.exeC:\windows\system32\SearchIndexer.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\DllHost.exeC:\windows\system32\DllHost.exeC:\windows\SysWOW64\cmd.exeC:\windows\system32\conhost.exeC:\windows\SysWOW64\cscript.exeC:\windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FileBHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dlluRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: Free YouTube to MP3 Converter - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A} : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\2456C6B696E6F574F575962756C6563737F5349393541453 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\6596374716027596649602D2022302 : DhcpNameServer = 10.0.0.1TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\A416764516C6B6027457563747 : DhcpNameServer = 10.30.224.20 10.40.224.20 10.20.224.20TCP: Interfaces\{E1CA3EFE-1C56-42DF-A21C-4D0EE033B96A}\F466669636560275966496 : DhcpNameServer = 10.0.0.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllmRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\HamsterArc.exe -loadermRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm.================= FIREFOX ===================.FF - ProfilePath - C:\Users\TIM\AppData\Roaming\Mozilla\Firefox\Profiles\fj2uev7m.default\.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]R2 HFGService;Handsfree Headset Service;C:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-3 1153368]R3 BthAudioHF;BthAudioHF Service;C:\windows\system32\DRIVERS\BthAudioHF.sys --> C:\windows\system32\DRIVERS\BthAudioHF.sys [?]R3 BthAvrcp;Bluetooth AVRCP Profile;C:\windows\system32\DRIVERS\BthAvrcp.sys --> C:\windows\system32\DRIVERS\BthAvrcp.sys [?]R3 csr_a2dp;Bluetooth AV Profile;C:\windows\system32\drivers\bthav.sys --> C:\windows\system32\drivers\bthav.sys [?]R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-8-24 362992]S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-8-24 309744]S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-8-24 166384]S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]S3 GKUPRO2D;GKUPRO2D;C:\windows\system32\Drivers\GKUPRO2D.sys --> C:\windows\system32\Drivers\GKUPRO2D.sys [?]S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-8-24 1083888]S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\windows\system32\DRIVERS\S3XXx64.sys --> C:\windows\system32\DRIVERS\S3XXx64.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2011-12-21 21:55:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE939DF5-267A-4691-A727-2C2A0E9BF38B}\offreg.dll2011-12-21 21:42:40 -------- d-----w- C:\$RECYCLE.BIN2011-12-21 21:33:21 -------- d-----w- C:\ComboFix2011-12-20 19:40:07 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE939DF5-267A-4691-A727-2C2A0E9BF38B}\mpengine.dll2011-12-15 00:58:07 98816 ----a-w- C:\windows\sed.exe2011-12-15 00:58:07 518144 ----a-w- C:\windows\SWREG.exe2011-12-15 00:58:07 256000 ----a-w- C:\windows\PEV.exe2011-12-15 00:58:07 208896 ----a-w- C:\windows\MBR.exe2011-12-14 21:27:25 43520 ----a-w- C:\windows\System32\csrsrv.dll2011-12-14 21:27:13 3145216 ----a-w- C:\windows\System32\win32k.sys2011-12-14 21:26:59 723456 ----a-w- C:\windows\System32\EncDec.dll2011-12-14 21:26:59 534528 ----a-w- C:\windows\SysWow64\EncDec.dll2011-12-14 21:26:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll2011-12-14 21:26:49 2048 ----a-w- C:\windows\System32\tzres.dll2011-12-04 00:43:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2011-12-04 00:43:08 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy2011-11-27 05:04:05 111616 ----a-w- C:\windows\SysWow64\N0V0SuxhO.com_2011-11-23 04:01:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-11-22 05:52:48 -------- d-----w- C:\ProgramData\Malwarebytes2011-11-22 05:16:12 -------- d-----w- C:\Program Files (x86)\GFI Software2011-11-22 04:59:11 691 ----a-w- C:\Users\TIM\AppData\Roaming\GetValue.vbs2011-11-22 04:59:11 35 ----a-w- C:\Users\TIM\AppData\Roaming\SetValue.bat2011-11-22 02:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools2011-11-22 02:45:59 -------- d-----w- C:\Program Files (x86)\PC Tools Security2011-11-22 02:44:54 -------- d-----w- C:\ProgramData\PC Tools.==================== Find3M ====================.2011-11-19 16:28:41 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb2011-10-03 10:06:03 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys.============= FINISH: 18:30:26.08 ===============Thanks. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 23, 2011 Staff ID:508281 Share Posted December 23, 2011 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
FrysGIRL Posted January 12, 2012 Author ID:516507 Share Posted January 12, 2012 This is the ESET log: It said it found 4 items that it placed in quarantine for deletion.ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OKThis is the Security Check Log:C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan cleaned by deleting - quarantinedC:\Users\TIM\AppData\Roaming\62AB017C05BCE4718DDFAB7AB7504198\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantinedC:\Users\TIM\AppData\Roaming\62AB017C05BCE4718DDFAB7AB7504198\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantinedC:\Windows\System32\N0V0SuxhO.com_ a variant of Win32/Kryptik.VRX trojan cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
Staff screen317 Posted January 16, 2012 Staff ID:517387 Share Posted January 16, 2012 Did you see the rest of my instructions above?? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 22, 2012 Staff ID:529615 Share Posted February 22, 2012 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 28, 2012 Staff ID:531345 Share Posted February 28, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts