
STILL infected with mediashifting redirect



Here's my old thread.

Same redirects, no new websites and all.

My computer has been infected in these places most of the time:

c:\windows\assembly\tmp\u\000000c0.@trojan.agent

C:\Windows\assembly\GAC_32\Desktop.ini

Restarting does nothing. Deleting does nothing. It just keeps coming back and redirects me to new sites or completely freezes my Firefox, MSN Messenger, Skype, Chrome or even the Task Manager itself! Even whatever I am clicking or typing on freezes constantly.

I will be hoping for the best here. Thank you!

Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_03

Run by chibikarla at 23:11:12 on 2012-01-19

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2116 [GMT -5:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\chibikarla\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Java\jre1.6.0_03\bin\jucheck.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.orbitdownloader.com

mStart Page = hxxp://www.bigseekpro.com/hypercam/{11A2A5ED-9291-4557-B3A8-4BB8BCA1CCA4}

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbhelper.dll

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Google Update] "C:\Users\chibikarla\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize

mRun: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: Download all by FlashGet3 - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 167.206.251.129 167.206.251.130

TCP: Interfaces\{9C3B4FB8-4E50-40E0-8B23-4E3ED25A5B24} : DhcpNameServer = 167.206.251.129 167.206.251.130

TCP: Interfaces\{9C3B4FB8-4E50-40E0-8B23-4E3ED25A5B24}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO-X64: dTPodcastBHO - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\chibikarla\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

BHO-X64: FlashGetBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

BHO-X64: SMTTB2009 - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\chibikarla\AppData\Roaming\Mozilla\Firefox\Profiles\qmnxbt22.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20111105182142569&tb_oid=08-11-2011&tb_mrud=08-11-2011

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=63303&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\chibikarla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-9 652872]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-31 2255464]

R2 pav_security;Safety Settings Service;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]

R3 AVerAVF2;AVerAVF2;C:\Windows\system32\DRIVERS\AVerAVF2.sys --> C:\Windows\system32\DRIVERS\AVerAVF2.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-9-12 45176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-01-20 01:25:44 -------- d-----w- C:\Users\chibikarla\AppData\Local\{23205B85-FFC9-4D57-9AF0-AB9D30492BE4}

2012-01-20 01:24:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{11730E43-F445-40AF-AE0C-A3D6A0A98341}

2012-01-18 23:58:29 -------- d-----w- C:\Users\chibikarla\AppData\Local\{076CAFDE-2FCA-4F0D-A67B-DD16150C401A}

2012-01-18 23:58:16 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1C89024B-5350-4331-AF7C-01B7648FF2F0}

2012-01-18 21:05:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E6C2F12-73C0-4984-B430-6676854AE2BE}\offreg.dll

2012-01-18 11:57:42 -------- d-----w- C:\Users\chibikarla\AppData\Local\{32F7D5F3-4FC3-46EC-B0CA-94FE90AA82A7}

2012-01-18 11:56:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D102AAA9-3CDC-4F15-BF47-59C13028393F}

2012-01-17 23:41:28 -------- d-----w- C:\Users\chibikarla\AppData\Local\{DF0593BA-258A-4741-BD7C-2DF86E793007}

2012-01-17 23:41:16 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9467837C-CCEC-4060-9E74-49D72A7C6887}

2012-01-17 20:02:37 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E6C2F12-73C0-4984-B430-6676854AE2BE}\mpengine.dll

2012-01-17 11:40:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{FF2658FE-05CD-4952-B44D-43D5214EBB7B}

2012-01-17 11:39:35 -------- d-----w- C:\Users\chibikarla\AppData\Local\{DDFCE88C-512F-4800-8B72-821478FDD81A}

2012-01-16 18:07:05 -------- d-----w- C:\Users\chibikarla\AppData\Local\{C0F8DB38-4B8E-483C-B693-438A2F70DC44}

2012-01-16 18:06:50 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2A18DF8F-D09B-4C8A-A56B-68B36FDC6868}

2012-01-16 06:06:11 -------- d-----w- C:\Users\chibikarla\AppData\Local\{206AE50B-9444-47BB-A7AE-E4CF95869ABD}

2012-01-16 06:05:56 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F467BF8F-008A-45BD-A64C-6436F5D0BFEB}

2012-01-15 18:05:42 -------- d-----w- C:\Users\chibikarla\AppData\Local\{43D76627-3A6E-4298-BE9C-5CF57705F360}

2012-01-15 18:05:31 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2E60AB40-8F48-479F-9A22-D492F2661095}

2012-01-15 06:04:49 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9910A3FF-2AA7-4288-8108-A2A032E52EDB}

2012-01-15 06:04:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A12130C9-7550-4C1A-A179-B0AFF8B13301}

2012-01-14 18:15:29 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-14 18:15:29 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-14 18:15:29 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-14 18:15:29 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2012-01-14 18:04:17 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2125C2B1-F54B-4CB4-9A8B-67622F440CE2}

2012-01-14 18:04:04 -------- d-----w- C:\Users\chibikarla\AppData\Local\{438013B3-891C-42DA-94D7-BA528DEEC8B7}

2012-01-14 00:02:54 -------- d-----w- C:\Users\chibikarla\AppData\Local\{362B366E-1EE6-47C4-BA9A-97C2411EB9E4}

2012-01-14 00:02:42 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F69B9278-F8AE-4D49-A0EC-AEF375FD63DD}

2012-01-13 12:01:52 -------- d-----w- C:\Users\chibikarla\AppData\Local\{ADE74C3D-0D02-4673-8C6F-E7524E7D0143}

2012-01-13 12:00:38 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0AEB5A91-E9C2-47BA-B352-A3C3BD68AA94}

2012-01-13 11:58:19 -------- d-sh--w- C:\found.004

2012-01-12 23:54:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\{69D22A39-67DF-47BE-8CED-7C7867AA6015}

2012-01-12 23:54:07 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9A62E7C3-852C-4004-8D04-C5EBB49EA863}

2012-01-12 12:01:46 -------- d-----w- C:\7420ac1c7ae6cb1b519fe30b88

2012-01-12 11:53:23 -------- d-----w- C:\Users\chibikarla\AppData\Local\{47C0CFF0-B073-43B5-A7D0-A073B525224E}

2012-01-12 11:53:09 -------- d-----w- C:\Users\chibikarla\AppData\Local\{95FD21F4-C3FE-430D-9AC2-0E49FDEACB85}

2012-01-11 21:08:48 -------- d-----w- C:\Users\chibikarla\AppData\Local\{03026EA6-CAD0-47EB-842A-FC4837CC6520}

2012-01-11 21:08:08 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D0BBDB50-400A-4632-B882-60B95DEA0F47}

2012-01-11 12:16:46 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 12:16:45 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 12:16:44 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 12:16:44 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 12:12:51 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 12:12:47 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 12:11:02 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 12:11:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-11 00:35:41 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E2E78B6B-7F0B-45EA-923C-7D59E6F7EA6F}

2012-01-11 00:34:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{7BBC7865-4A06-46EC-9B59-BECB57677746}

2012-01-10 12:02:16 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0148B9E7-51AD-4A0E-91FC-A88C99907AD0}

2012-01-10 12:01:06 -------- d-----w- C:\Users\chibikarla\AppData\Local\{5BFDAF13-7999-4F8E-99A3-FBE404133829}

2012-01-09 23:38:00 -------- d-----w- C:\Users\chibikarla\AppData\Local\{29109BED-28CB-439C-908C-DC70A0FFEDE5}

2012-01-09 23:37:49 -------- d-----w- C:\Users\chibikarla\AppData\Local\{8E71AC4B-048D-4F64-8283-DECA3F2392B4}

2012-01-09 11:37:02 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B1BC5EF9-D72F-4FA5-8E13-9B681B0CE2C5}

2012-01-09 11:36:16 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D7C4AA22-BF56-46DA-9623-5AAA8A7C76A3}

2012-01-08 17:36:27 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B5F2CC0D-4B85-4D36-90F0-E004E3F60133}

2012-01-08 17:35:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{772A60EE-EDD3-4083-87B3-069D3B528910}

2012-01-08 04:26:23 -------- d-----w- C:\Users\chibikarla\AppData\Roaming\RenPy

2012-01-08 04:23:13 -------- d-----w- C:\Program Files (x86)\Katawa Shoujo

2012-01-08 04:20:02 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E36DC0AE-CD8E-421A-B3D4-10BAB08762D6}

2012-01-08 04:19:48 -------- d-----w- C:\Users\chibikarla\AppData\Local\{AE77655C-991A-4B1B-A898-37B247B15F41}

2012-01-07 16:19:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1C5780EB-4EF7-4A5B-A044-80A717B03CD1}

2012-01-07 16:18:07 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9F2910F0-8D12-4817-ADF5-BF9B6D4EE506}

2012-01-06 21:54:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{5DD82C9A-C3C0-40D6-8F00-BE78116BE756}

2012-01-06 21:53:59 -------- d-----w- C:\Users\chibikarla\AppData\Local\{18D73BDB-CD40-408A-8DCE-E7B5D7886034}

2012-01-06 03:02:30 -------- d-----w- C:\Users\chibikarla\AppData\Local\{868134D9-5BF5-42DC-B1E4-AE7DAD07D9AE}

2012-01-06 03:01:47 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B832F4DF-F8B1-4BC7-9945-E29265341761}

2012-01-05 12:30:58 -------- d-----w- C:\Users\chibikarla\AppData\Local\{68D66E1B-587B-4A37-BAD0-7EA8F8474AA6}

2012-01-05 12:30:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{FC9A9F9F-0566-4235-9B0B-1B8C8F5C9868}

2012-01-05 00:30:00 -------- d-----w- C:\Users\chibikarla\AppData\Local\{CE30395F-8B9C-46B0-8DAD-0E5FC43C37CB}

2012-01-05 00:29:47 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9F1718C9-5077-43F6-9C12-47330D1FB568}

2012-01-04 12:28:32 -------- d-----w- C:\Users\chibikarla\AppData\Local\{018ECCBE-AAD0-4CDD-8BA2-5F9F1F2BC606}

2012-01-04 12:27:53 -------- d-----w- C:\Users\chibikarla\AppData\Local\{8CF2265E-CCB3-4124-9B53-83AEB3BFF13A}

2012-01-04 00:19:00 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0912C5FA-F06E-497E-904A-91713F85C93A}

2012-01-04 00:18:46 -------- d-----w- C:\Users\chibikarla\AppData\Local\{455886A5-CCF1-4C78-A102-AC5CEEADF431}

2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-01-03 12:17:54 -------- d-----w- C:\Users\chibikarla\AppData\Local\{F0FF0FD9-6111-43B6-9D94-840C4E8890C8}

2012-01-03 12:17:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9621F174-92E6-4C05-B6E9-E3E00CE33226}

2012-01-02 16:37:42 -------- d-----w- C:\Users\chibikarla\AppData\Local\{76F450A0-2647-4399-AF30-2103F9F61087}

2012-01-02 16:37:00 -------- d-----w- C:\Users\chibikarla\AppData\Local\{4A951605-B80E-4385-92C7-FA52AA224281}

2012-01-01 19:43:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{92BF27A2-CB7B-44BA-B4E7-466354D2AAE9}

2012-01-01 19:42:58 -------- d-----w- C:\Users\chibikarla\AppData\Local\{8228E595-FE29-4CE1-86BC-BAB52976F327}

2012-01-01 04:03:34 -------- d-----w- C:\Users\chibikarla\AppData\Local\{97B28C5E-CE5A-42A9-BAD1-674FC7C422F7}

2012-01-01 04:03:22 -------- d-----w- C:\Users\chibikarla\AppData\Local\{A2C7A4F7-EF44-41DB-9BCD-26254B264BA9}

2011-12-31 16:02:43 -------- d-----w- C:\Users\chibikarla\AppData\Local\{8F729B5E-ACE9-48E7-AA40-4B76796F438D}

2011-12-31 16:02:28 -------- d-----w- C:\Users\chibikarla\AppData\Local\{0A3795CD-7DF4-4DA8-84E4-BF99701B812A}

2011-12-31 15:43:24 -------- d-----w- C:\Users\chibikarla\AppData\Local\doubleTwist Corporation

2011-12-31 15:43:20 -------- d-----w- C:\Program Files (x86)\Common Files\doubleTwist

2011-12-31 15:43:17 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll

2011-12-31 15:43:17 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-12-31 15:43:16 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-12-31 15:42:23 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0

2011-12-31 04:01:55 -------- d-----w- C:\Users\chibikarla\AppData\Local\{D700A865-7F93-4035-9CC5-82449C84675D}

2011-12-31 04:01:42 -------- d-----w- C:\Users\chibikarla\AppData\Local\{52080EA3-7484-4EDF-8DA1-D3B3C60CEF58}

2011-12-30 16:01:27 -------- d-----w- C:\Users\chibikarla\AppData\Local\{2F15770A-0859-4FD2-BA19-6B65104B1CC0}

2011-12-30 16:01:16 -------- d-----w- C:\Users\chibikarla\AppData\Local\{97B17968-5BCB-42DC-B013-D00C253E1DFA}

2011-12-30 05:57:42 -------- d-----w- C:\Windows\Logs

2011-12-30 05:55:32 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-30 05:55:19 -------- d-----w- C:\Users\chibikarla\AppData\Local\Temp

2011-12-30 05:55:17 -------- d-----w- C:\Windows\System32\wbem\Logs

2011-12-28 23:10:29 -------- d-----w- C:\Program Files (x86)\uTorrentControl2

2011-12-24 04:26:17 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-08 20:01:12 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-03 00:32:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:47:42 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll

2011-11-05 05:47:42 480720 ----a-r- C:\Windows\SysWow64\SZBase5.dll

2011-11-05 05:47:42 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll

2011-11-05 05:47:42 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll

2011-11-05 05:47:40 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll

2011-11-05 05:47:40 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll

2011-11-05 05:47:40 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll

2011-11-05 05:47:40 456144 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll

2011-11-05 05:47:40 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll

2011-11-05 05:47:40 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll

2011-11-05 05:47:40 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll

2011-11-05 05:47:40 103888 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-11-01 01:23:30 4022504 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 23:12:43.75 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 8/31/2011 5:14:16 PM

System Uptime: 1/19/2012 8:23:36 PM (3 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Maureen

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU 1 | 1188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 310.383 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 2.024 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Windows Firewall Authorization Driver

Device ID: ROOT\LEGACY_MPSDRV\0000

Manufacturer:

Name: Windows Firewall Authorization Driver

PNP Device ID: ROOT\LEGACY_MPSDRV\0000

Service: mpsdrv

.

==== System Restore Points ===================

.

RP96: 1/3/2012 7:46:47 AM - Windows Update

RP98: 1/10/2012 6:08:49 PM - Windows Update

RP100: 1/10/2012 11:28:43 PM - Windows Update

RP102: 1/12/2012 6:58:13 AM - Windows Update

RP104: 1/14/2012 1:07:13 PM - Windows Update

RP106: 1/17/2012 3:02:13 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

AIM 7

AIO_CDA_ProductContext

AIO_CDA_Software

AIO_Scan

Amazon MP3 Downloader 1.0.12

AOL Messaging Toolbar

Apple Application Support

Apple Software Update

Audacity 1.3.14 (Unicode)

Boilsoft Video Splitter 6.32

BufferChm

C5100

c5100_Help

CameraHelperMsi

CDex - Open Source Digital Audio CD Extractor

Click to Call with Skype

Copy

D3DX10

dBpoweramp DSP Effects

dBpoweramp Music Converter

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocProc

doubleTwist

Download Updater (AOL LLC)

Easy Video Splitter 1.28

erLT

Fax

ffdshow [rev 2527] [2008-12-19]

FlashGet 3.7

Google Chrome

GPBaseService2

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

HyperCam 2

Hyperionics DB Toolbar

ImgBurn

IrfanView (remove only)

Java™ 6 Update 3

Junk Mail filter update

Katawa Shoujo

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.60.0.1800

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

Pando Media Booster

Pepakura Designer 3

Pepakura Viewer 3

QuickTime

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Skype™ 5.5

SmartWebPrinting

SolutionCenter

Status

Tag&Rename 3.5.7

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Create a Sim

The Sims™ 3 Fast Lane Stuff

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 Outdoor Living Stuff

The Sims™ 3 Town Life Stuff

The Sims™ 3 World Adventures

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

uTorrentControl2 Toolbar

VirtualCloneDrive

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

xrecode II 1.0.0.181

.

==== Event Viewer Messages From Past Week ========

.

1/19/2012 8:25:19 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

1/19/2012 8:24:02 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

1/19/2012 8:24:02 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

1/12/2012 6:54:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.

1/12/2012 6:54:41 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/12/2012 11:18:07 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

1/12/2012 11:15:09 AM, Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.

.

==== End Of File ===========================

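Added example, not part of the original post and not code from the DDS tool: a small Python parser for the timestamp / size / attributes / path listing format that DDS prints in its "Created Last 30" and Find3M sections, run over a handful of lines copied from the log posted above. It flags directories under AppData\Local whose name is a bare {GUID} and reports which of them were created in pairs a minute or so apart, and how many hours separate successive pairs. The attribute-column layout (leading `d` for directory, `s`/`h` for system/hidden) is inferred from the listing, and the two-minute pairing window and the `\AppData\Local\` filter are assumptions chosen for this example. A recurring pattern like this is worth pointing out to whoever is reviewing the log; the script does not identify what created the folders.

```python
"""Parse DDS-style file listings and flag recurring GUID-named folders.

Added example; not from the original post or the DDS tool. SAMPLE lines are
copied from the listing posted above. The attribute-column layout is inferred
from those lines; the two-minute pairing window is an assumption.
"""
import re
from datetime import datetime, timedelta

# One listing line: "<timestamp> <size or 8 dashes> <8-char attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>\S{8})\s+"
    r"(?P<path>.+?)\s*$"
)

# Last path component is a bare {GUID}
GUID_TAIL_RE = re.compile(
    r"\\\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I
)

# Lines copied from the posted DDS log (a subset, in the order DDS printed them)
SAMPLE = r"""
2012-01-08 04:20:02 -------- d-----w- C:\Users\chibikarla\AppData\Local\{E36DC0AE-CD8E-421A-B3D4-10BAB08762D6}
2012-01-08 04:19:48 -------- d-----w- C:\Users\chibikarla\AppData\Local\{AE77655C-991A-4B1B-A898-37B247B15F41}
2012-01-07 16:19:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{1C5780EB-4EF7-4A5B-A044-80A717B03CD1}
2012-01-07 16:18:07 -------- d-----w- C:\Users\chibikarla\AppData\Local\{9F2910F0-8D12-4817-ADF5-BF9B6D4EE506}
2012-01-06 21:54:15 -------- d-----w- C:\Users\chibikarla\AppData\Local\{5DD82C9A-C3C0-40D6-8F00-BE78116BE756}
2012-01-06 21:53:59 -------- d-----w- C:\Users\chibikarla\AppData\Local\{18D73BDB-CD40-408A-8DCE-E7B5D7886034}
2012-01-06 03:02:30 -------- d-----w- C:\Users\chibikarla\AppData\Local\{868134D9-5BF5-42DC-B1E4-AE7DAD07D9AE}
2012-01-06 03:01:47 -------- d-----w- C:\Users\chibikarla\AppData\Local\{B832F4DF-F8B1-4BC7-9945-E29265341761}
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-12-31 15:43:16 -------- d-----w- C:\Program Files (x86)\ffdshow
2011-12-30 05:55:32 -------- d-sh--w- C:\$RECYCLE.BIN
"""


def parse_dds_listing(text):
    """Return one dict per parseable listing line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append({
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            # DDS prints eight dashes instead of a size for directories
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": attrs[0] == "d",      # inferred: "d-----w-" vs "----a-w-"
            "hidden": "h" in attrs,         # inferred: "d-sh--w-" on $RECYCLE.BIN
            "system": "s" in attrs,
            "path": m["path"],
        })
    return entries


def guid_dirs(entries, under="\\AppData\\Local\\"):
    """Directories named as a bare {GUID} beneath `under` (assumed filter)."""
    return [e for e in entries
            if e["is_dir"]
            and under.lower() in e["path"].lower()
            and GUID_TAIL_RE.search(e["path"])]


def find_creation_pairs(dirs, window=timedelta(minutes=2)):
    """Greedily pair entries created within `window` of each other.

    Returns (earlier, later) tuples, oldest pair first.
    """
    ordered = sorted(dirs, key=lambda e: e["created"])
    pairs, i = [], 0
    while i < len(ordered) - 1:
        a, b = ordered[i], ordered[i + 1]
        if b["created"] - a["created"] <= window:
            pairs.append((a, b))
            i += 2
        else:
            i += 1
    return pairs


def hours_between_pairs(pairs):
    """Hours from the start of one pair to the start of the next."""
    starts = [a["created"] for a, _ in pairs]
    return [(later - earlier).total_seconds() / 3600
            for earlier, later in zip(starts, starts[1:])]


def report(text):
    """Summary a reviewer can paste back: counts and the gaps between pairs."""
    entries = parse_dds_listing(text)
    dirs = guid_dirs(entries)
    pairs = find_creation_pairs(dirs)
    return {
        "entries": len(entries),
        "guid_dirs": len(dirs),
        "pairs": len(pairs),
        "gaps_hours": [round(g, 2) for g in hours_between_pairs(pairs)],
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against the whole "Created Last 30" section of a DDS log rather than the excerpt and the `gaps_hours` list shows how regular the creations are; for the excerpt above it reports four pairs and gaps of roughly 19, 18 and 12 hours.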


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
