bayitresources Posted December 26, 2011 ID:509516 Share Posted December 26, 2011 .DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Bill Puccetti at 12:15:00 on 2011-12-26Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.4393 [GMT -8:00].AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\FBAgent.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exeC:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Trend Micro\AMSP\coreServiceShell.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exeC:\Windows\system32\conhost.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exeC:\Windows\system32\conhost.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\LogMeIn\x64\RaMaint.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\WUDFHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\servicing\TrustedInstaller.exeC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\System32\rundll32.exeC:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exeC:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXEC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exeC:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exeC:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exeC:\Program Files (x86)\Citrix\ICA Client\concentr.exeC:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files (x86)\Browny02\Brother\BrStMonW.exeC:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXEC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Browny02\BrYNSvc.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Windows\system32\SearchProtocolHost.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\AsScrPro.exeC:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9uWindow Title = Windows Internet Explorer provided by Yahoo!BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dllBHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllTB: {9D425283-D487-4337-BAB6-AB8354A81457} - No FilemRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exemRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exemRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exemRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /rmRun: [updReg] C:\Windows\UpdReg.EXEmRun: [DXDllRegExe] dxdllreg.exemRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupmRun: [screwDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exemRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootmRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorunmRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUNmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\BILLPU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXEStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLDPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722TCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{C2AC75D8-1533-42B7-BEF4-D00EF6335B7C} : DhcpNameServer = 192.168.1.254TCP: Interfaces\{C2AC75D8-1533-42B7-BEF4-D00EF6335B7C}\4475350246C696E6B60223E2437486A7 : DhcpNameServer = 10.1.0.1Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dllHandler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dllHandler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllHandler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dllIFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirectBHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO-X64: 0x1 - No FileBHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dllBHO-X64: Trend Micro NSC BHO - No FileBHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllBHO-X64: Trend Micro Toolbar BHO - No FileBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dllBHO-X64: Search Helper - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dllBHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dllBHO-X64: TmBpIeBHO - No FileBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dllTB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No FilemRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exemRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exemRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exemRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /rmRun-x64: [updReg] C:\Windows\UpdReg.EXEmRun-x64: [DXDllRegExe] dxdllreg.exemRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupmRun-x64: [screwDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exemRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootmRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"mRun-x64: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorunmRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUNmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect.============= SERVICES / DRIVERS ===============.R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-6-6 256336]R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375176]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-27 2314240]R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-7-10 245760]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176]S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-27 79360]S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-27 79360]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-12 1030600]S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-15 136176]S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== File Associations ===============.inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*.exe=ND.scr=AutoCADScriptFile.=============== Created Last 30 ================.2011-12-23 14:15:47 -------- d-sh--w- C:\$RECYCLE.BIN2011-12-23 06:40:20 -------- d-----w- C:\Users\Bill Puccetti\AppData\Local\temp2011-12-23 06:33:28 98816 ----a-w- C:\Windows\sed.exe2011-12-23 06:33:28 518144 ----a-w- C:\Windows\SWREG.exe2011-12-23 06:33:28 256000 ----a-w- C:\Windows\PEV.exe2011-12-23 06:33:28 208896 ----a-w- C:\Windows\MBR.exe2011-12-23 06:32:18 -------- d-----w- C:\ComboFix2011-12-22 17:21:14 98816 ----a-w- C:\Windows\System32\wudriver.dll2011-12-22 17:20:54 36864 ----a-w- C:\Windows\System32\wuapp.exe2011-12-22 17:20:54 185416 ----a-w- C:\Windows\System32\wuwebv.dll2011-12-22 17:20:05 2621440 ----a-w- C:\Windows\System32\wucltux.dll2011-12-22 17:18:32 -------- d-----w- C:\610b779be71b9c4852ca2011-12-22 17:18:06 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2011-12-22 17:18:06 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys2011-12-22 17:18:06 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll2011-12-22 17:18:06 34688 ----a-w- C:\Windows\System32\LMIport.dll2011-12-22 17:18:00 80768 ----a-w- C:\Windows\System32\LMIinit.dll2011-12-22 17:17:44 -------- d-----w- C:\Program Files (x86)\LogMeIn2011-12-22 17:11:44 -------- d-----w- C:\ProgramData\LogMeIn2011-12-22 16:31:28 -------- d-----w- C:\ProgramData\Malwarebytes2011-12-22 16:31:24 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-12-22 16:31:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-12-20 14:55:39 -------- d-----w- C:\Users\Bill Puccetti\AppData\Local\Diagnostics2011-12-18 03:02:00 12800 ----a-w- C:\Windows\DCEBoot64.exe2011-12-16 20:27:50 -------- d-----w- C:\Users\Bill Puccetti\AppData\Local\Apps2011-12-14 15:19:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll2011-12-14 15:19:54 3141632 ----a-w- C:\Windows\System32\win32k.sys2011-12-14 15:19:52 723456 ----a-w- C:\Windows\System32\EncDec.dll2011-12-14 15:19:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll2011-12-14 15:19:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-12-14 15:19:37 2048 ----a-w- C:\Windows\System32\tzres.dll.==================== Find3M ====================.2011-12-26 17:37:41 45056 ----a-w- C:\Windows\System32\acovcnt.exe2011-11-10 13:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys.============= FINISH: 12:15:38.94 =============== Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 18, 2012 ID:528022 Share Posted February 18, 2012 Hi, Next, please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan Wait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topic Next, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me know how things are running now and what issues remain. Link to post Share on other sites More sharing options...
Recommended Posts