Jump to content

Sound of Ads playing in the background - Can't get un-infected


Recommended Posts

Hello,

My computer is currently playing music and ads in the background even when I have nothing open. I can't seem to get rid of it using my standard spyware and malware removal tools so hopefully y'all can help.

Here are the logs as requested.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Ben at 13:53:16 on 2012-03-14

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.1830 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

D:\Program Files\Dell\Reader 2.0\DVMExportService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\locator.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\wbem\wmiprvse.exe

D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\ehome\ehshell.exe

C:\Windows\eHome\ehExtHost.exe

C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\50qPmDuK.com

C:\Windows\system32\50QPMD~1.COM

C:\Windows\system32\50qPmDuK.com

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.hotspotshield.com/g/?c=h

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DellBtrEvent] d:\program files\dell\reader 2.0\DellBtrEvent.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [mslivemsn] c:\windows\system32\config\systemprofile\librarys\wgesdwx\svchost.exe

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

dRun: [KB00719204.exe] "c:\windows\system32\config\systemprofile\appdata\roaming\KB00719204.exe"

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f

StartupFolder: c:\users\ben\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 10.200.32.1 128.194.254.1 128.194.254.2 128.194.254.3

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC} : DhcpNameServer = 10.200.32.1 128.194.254.1 128.194.254.2 128.194.254.3

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\14379616E67496E676562714379616E6D27657563747 : DhcpNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\2444E45445 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\24F6E65627A416D637 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\2523644503 : DhcpNameServer = 192.168.1.1 71.242.0.12

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\752545631303E4 : DhcpNameServer = 208.67.222.222 208.67.220.220 208.180.42.100

TCP: Interfaces\{E1D3E337-09B1-401D-824D-1EBE71D113FC}\C416155796E64716 : DhcpNameServer = 4.2.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\0nnectse.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\ben\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 343920]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-7-8 17072]

R1 DVMIO;DVMIO;d:\program files\dell\reader 2.0\dvmio.sys [2009-7-10 16984]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-7-8 81920]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]

R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.0\DVMExportService.exe [2009-8-3 327680]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-7-8 13336]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-7-8 60928]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-20 652360]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-24 70728]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-7-8 59904]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-7-8 42672]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-7-8 143968]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-7-8 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-7-8 214696]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-8 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-8 232960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-22 20464]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 avg7alrt;Application;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]

S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-7-8 134144]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-24 91832]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-24 43288]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-24 66600]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-8 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-7-8 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-15 1343400]

.

=============== Created Last 30 ================

.

2012-03-09 17:28:20 82433 ----a-w- c:\windows\system32\50qPmDuK.com

2012-02-25 08:56:28 -------- d-----w- c:\users\ben\appdata\roaming\SUPERAntiSpyware.com

2012-02-25 08:56:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-02-25 08:56:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-02-25 08:42:22 82433 ----a-w- c:\programdata\0U7uKtJ4.exe_

2012-02-25 08:42:22 82433 ----a-w- c:\programdata\0U7uKtJ4.exe

2012-02-24 16:01:47 82433 ----a-w- c:\windows\system32\50qPmDuK.com_

.

==================== Find3M ====================

.

2012-03-14 08:11:12 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-10 23:35:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-23 02:56:50 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

.

============= FINISH: 13:56:58.31 ===============

and Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 7/14/2010 11:22:18 AM

System Uptime: 3/14/2012 3:10:25 AM (10 hours ago)

.

Motherboard: Dell Inc. | | 02K3Y4

Processor: Intel® Core i5 CPU M 540 @ 2.53GHz | CPU 1 | 2534/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 216 GiB total, 108.692 GiB free.

D: is FIXED (FAT32) - 2 GiB total, 1.904 GiB free.

E: is CDROM (UDF)

I: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP196: 2/23/2012 2:34:51 AM - Scheduled Checkpoint

RP197: 2/25/2012 2:19:06 AM - Restore Operation

RP198: 2/27/2012 10:41:22 AM - Windows Backup

RP199: 3/1/2012 11:47:33 AM - Windows Backup

.

==== Installed Programs ======================

.

.

µTorrent

32 Bit HP CIO Components Installer

AccelerometerP11

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

AIM 7

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Batman: Arkham Asylum GOTY Edition

BioAPI Framework

Boingo Wi-Fi

Bonjour

BufferChm

CDisplay 1.8

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cisco Systems VPN Client 5.0.03.0560

Copy

DCP32MMWrapper

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Control Point

Dell ControlPoint Security Manager

Dell ControlPoint System Manager

Dell ControlVault Host Components Installer

Dell Edoc Viewer

Dell Embassy Trust Suite by Wave Systems

Dell Security Device Driver Pack

Dell Touchpad

Dell Webcam Central

Destinations

DeviceDiscovery

DJ_AIO_05_F4400_Software_Min

Document Manager Lite

Download Updater (AOL LLC)

DW WLAN Card Utility

EMBASSY Security Center

EMBASSY Security Setup

ESC Home Page Plugin

F4400

Gemalto

Google Earth

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

HP Imaging Device Functions 13.0

HP Print Projects 1.0

HP Solution Center 13.0

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 14.8.43.0

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

League of Legends

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

McAfee Agent

McAfee VirusScan Enterprise

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft IntelliPoint 8.2

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

novaPDF Standard Desktop 7.2 printer

NTRU TCG Software Stack

NVIDIA PhysX

Pando Media Booster

PowerDVD DX

POWERPREP II

Preboot Manager

Private Information Manager

QuickTime

QuickTime 3.0

Reader 2.0

Rosetta Stone Version 3

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft InfoPath 2010 (KB2510065)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

Security Wizards

Shop for HP Supplies

Skype Toolbars

Skype™ 5.3

SO32MMWrapper

SolutionCenter

Stata 12

Status

Steam

StreamTorrent 1.0

SUPERAntiSpyware

The Elder Scrolls V: Skyrim

Toolbox

TrayApp

Trusted Drive Manager

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2583935)

UPEK TouchChip Fingerprint Reader

Veetle TV 0.9.18

VirtualCloneDrive

VLC media player 1.1.4

Wave Infrastructure Installer

Wave Support Software

WebReg

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

3/7/2012 3:38:48 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 78-A3-E4-09-65-48. Network operations on this system may be disrupted as a result.

3/14/2012 3:11:33 AM, Error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Tga service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Slservice service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Pdlncfwk service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Mcmispupdmgr service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The LMIRfsDriver service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Idrivert service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The ESettingsService service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Dmserver service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The Avg7rsw service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7023] - The ABVPN2K service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:16 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Winmtsrv service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The ScFBPNT3 service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Iaimtv3 service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Ghaio service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Bthport service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7023] - The Application service terminated with the following error: The specified module could not be found.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/14/2012 3:11:15 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

3/14/2012 12:43:14 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

3/14/2012 10:11:20 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

3/14/2012 10:11:20 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

3/14/2012 1:54:14 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/13/2012 11:49:36 AM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

3/13/2012 11:17:54 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

3/13/2012 11:17:49 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .

3/12/2012 7:45:52 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

3/10/2012 11:58:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

.

==== End Of File ===========================

thanks for any help you can provide

Link to post
Share on other sites

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.