Infected..browser hyjacted?

[fstodd]

Hi after downloading an ftp client sunday my icons on my desktop disapeared and most of my programs in the start menu also were gone. After using the recovery console I was able to find my desktop icons but they all had their attributes set to hidden...so after resetting them all seemed fine until I launched IE and tried a google search, it redirected me to a random sites that had little or nothing to do with the search topic. After installing MWB a notice was popping up say it had block acsess to 206.161.121.5. After running a full scan with MWB it said it found nothing, Here are the contence of the log files as requested,

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 6/25/2011 8:05:36 PM

System Uptime: 4/3/2012 10:20:31 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0YH79Y

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 503.101 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Officejet 6300 series

Device ID: ROOT\MULTIFUNCTION\0008

Manufacturer:

Name: Officejet 6300 series

PNP Device ID: ROOT\MULTIFUNCTION\0008

Service:

.

Class GUID:

Description: HP LaserJet 4050 Series

Device ID: ROOT\MULTIFUNCTION\0009

Manufacturer:

Name: HP LaserJet 4050 Series

PNP Device ID: ROOT\MULTIFUNCTION\0009

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: DesignJet 800 (C7779B)

Device ID: ROOT\MULTIFUNCTION\0010

Manufacturer: Hewlett-Packard

Name: DesignJet 800 (C7779B)

PNP Device ID: ROOT\MULTIFUNCTION\0010

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 7500 E910

Device ID: ROOT\MULTIFUNCTION\0011

Manufacturer: HP

Name: Officejet 7500 E910

PNP Device ID: ROOT\MULTIFUNCTION\0011

Service:

.

Class GUID:

Description: HP LaserJet P3005

Device ID: ROOT\MULTIFUNCTION\0012

Manufacturer:

Name: HP LaserJet P3005

PNP Device ID: ROOT\MULTIFUNCTION\0012

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® Centrino® Wireless-N 1030

Device ID: PCI\VEN_8086&DEV_008A&SUBSYS_53258086&REV_34\4&2618800A&0&00E0

Manufacturer: Intel Corporation

Name: Intel® Centrino® Wireless-N 1030

PNP Device ID: PCI\VEN_8086&DEV_008A&SUBSYS_53258086&REV_34\4&2618800A&0&00E0

Service: NETwNs64

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp business inkjet 1100

Device ID: ROOT\MULTIFUNCTION\0013

Manufacturer: hp

Name: hp business inkjet 1100

PNP Device ID: ROOT\MULTIFUNCTION\0013

Service:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Todd at 10:36:52 on 2012-04-03

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8106.5718 [GMT -7:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe

C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe

C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe

C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe

C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe

C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe

C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\PST\Binaries\RACurrTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Todd\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.google.com/nwshp?hl=en&tab=wn

uDefault_Page_URL = hxxp://companyweb

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun: [usbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\Todd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Todd\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RACURR~1.LNK - C:\Program Files (x86)\PST\Binaries\RACurrTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: RunStartupScriptSync = 1 (0x1)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab

TCP: DhcpNameServer = 192.168.30.3

TCP: Interfaces\{65318C82-C38F-4815-BCB0-B0EEF71985A3} : DhcpNameServer = 192.168.30.3

TCP: Interfaces\{65318C82-C38F-4815-BCB0-B0EEF71985A3}\84F4553554F5751405 : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll

Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun-x64: [usbCipHelper] C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120317.011\BHDrvx64.sys [2012-3-22 1157240]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]

R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]

R1 VirtualBackplane;A-B Virtual Backplane;C:\Windows\system32\Drivers\VirtualBackplane.sys --> C:\Windows\system32\Drivers\VirtualBackplane.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-28 98208]

R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-13 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-13 974912]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]

R2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2010-5-17 1122568]

R2 FactoryTalk Gateway;FactoryTalk Gateway;C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [2010-8-26 387432]

R2 FTActivationBoost;FactoryTalk Activation Helper;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2011-11-14 144744]

R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]

R2 NmspHost;Rockwell Namespace Services;C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe [2011-11-11 224104]

R2 RdcyHost;Rockwell Redundancy Services;C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe [2011-11-11 224104]

R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-14 137224]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-28 1692480]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-28 2656280]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-9-23 539248]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-13 1298496]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-13 138360]

R3 EventServer;Rockwell Event Server;C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe [2011-11-11 250216]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 DataLoggerService;OPC Data Logger;C:\Program Files (x86)\Software Toolbox\OPC Data Logger\DataLoggerService.exe [2012-2-26 16384]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 LogReceiver;LogReceiver;C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2011-6-24 80232]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]

S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-03 16:07:05 -------- d-----w- C:\Users\Todd\AppData\Roaming\Malwarebytes

2012-04-03 16:06:54 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-03 16:06:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-01 23:46:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC71AE8F-B2D9-4BE0-B4DE-32B23B16D47E}\offreg.dll

2012-04-01 21:27:23 -------- d-----w- C:\Program Files (x86)\ioDesktop

2012-03-29 00:49:53 -------- d-----w- C:\1203-USB_Drivers

2012-03-16 10:13:58 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-16 10:13:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-16 10:13:50 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-16 10:13:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-16 10:13:36 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-16 10:13:36 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-16 10:04:40 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-16 10:04:39 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-16 10:04:39 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-16 10:04:39 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-15 18:25:01 -------- d-----w- C:\Program Files (x86)\ControlFLASH

2012-03-15 18:06:06 -------- d-----w- C:\RSCommon

2012-03-06 23:05:05 -------- d-----w- C:\Program Files\Babylon

2012-03-06 23:05:05 -------- d-----w- C:\Program Files (x86)\Babylon

2012-03-05 11:02:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-03-05 11:02:35 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2012-03-01 16:42:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 21:37:33 27990 ---ha-w- C:\Users\Todd\Voip_router_config.bin

2012-01-29 13:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-12 23:39:32 1488 ----a-w- C:\Windows\SysWow64\Rsvchost.reg

2012-01-12 23:39:32 1488 ----a-w- C:\Windows\SysWow64\RdcyReg.reg

.

============= FINISH: 10:44:58.02 ===============

[D-FRED-BROWN]

Hello fstodd and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

• TDSSKiller.zip from here and extract it (right click on it => "Extract here").
  

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

• Click on the Start Scan button and wait for the scan and disinfection process to be over.
  
• If an infected file is detected, the default action will be Cure, click on Continue
  
• If a suspicious file is detected, the default action will be Skip, click on Continue
  
• If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  
• If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  

In your next reply, please include the following (you may need to use two posts to get it all in):

• TDSSKiller_log.txt
  

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

-------------

In your next reply, please include:

• TDSSKiller logfile
  
• C:\ComboFix.txt
  
• Security Check checkup.txt
  

How is your computer running now?

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!