Jump to content

Security Shield 2012 - MB dont detect it - Need Help Plz


Recommended Posts

I somehow got infected by Security Shield 2012, and cant seem to remove it. I can not access the internet unless I enter safe mode with networking,I did a quick and full scan of MalwareBytes but it didnt find anything.

I run an online business and am in desperate need of help - thanks in advance

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421

Run by BQfromNY at 3:49:57 on 2012-04-21

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5723 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://woot.com/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = 192.168.*.*

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

uRun: [Google Update] "C:\Users\BQfromNY\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRunOnce: [snoylfpe] C:\Users\BQfromNY\AppData\Local\snoylfpe.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Conime] %windir%\system32\conime.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I

mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE

mRunOnce: [Malwarebytes Anti-Malware] G:\Applications\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\wpclsp.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678} : NameServer = 208.67.220.222,208.67.220.220

TCP: Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll

BHO-X64: facemoods Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I

mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE

mRunOnce-x64: [Malwarebytes Anti-Malware] G:\Applications\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

============= SERVICES / DRIVERS ===============

.

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-1 136176]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

S2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [2010-2-5 53760]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-1 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-5 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-04-21 02:55:24 381952 ----a-w- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe

2012-04-21 02:12:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9057EADD-983E-4356-A0FD-11BDE412FE8C}\mpengine.dll

2012-04-11 07:03:20 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-11 07:03:10 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 07:03:10 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 07:03:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 07:03:10 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 07:03:10 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 07:03:10 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 07:03:10 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 01:26:39 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-04-11 01:26:39 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2012-04-08 00:57:38 -------- d-----w- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}

.

==================== Find3M ====================

.

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 3:50:53.74 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/5/2010 7:26:10 PM

System Uptime: 4/21/2012 1:12:48 AM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5E Deluxe

Processor: Intel® Core2 Quad CPU Q9650 @ 3.00GHz | LGA775 | 3005/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 0.708 GiB free.

D: is CDROM (CDFS)

F: is CDROM (CDFS)

G: is FIXED (NTFS) - 932 GiB total, 402.934 GiB free.

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: isatap.rochester.rr.com

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&23F9C1E3&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0

Service: i8042prt

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB

Service:

.

==== System Restore Points ===================

.

RP1175: 4/19/2012 8:43:36 PM - Windows Update

RP1176: 4/20/2012 10:11:33 PM - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.5

aioscnnr

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

Application Profiles

C4USelfUpdater

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

ccc-core-static

CCC Help English

center

D3DX10

DHTML Editing Component

DiRT 3

DivX Web Player

Edimax Wireless LAN

ESET Online Scanner v3

essentials

Facemoods Toolbar

ffdshow [rev 2527] [2008-12-19]

FileZilla Client 3.5.3

Google Chrome

Google Update Helper

Holdem Manager

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Product Detection

HydraVision

Java Auto Updater

Java 6 Update 29

JDownloader 0.9

Junk Mail filter update

K-Lite Codec Pack 7.7.0 (Basic)

KODAK AiO Software

ksDIP

Lernout & Hauspie TruVoice American English TTS Engine

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MotoHelper MergeModules

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTX

NVIDIA PhysX

ocr

OpenAL

Perpetuum

PostgreSQL 8.4

PowerISO

PreReq

Quicken 2011

QuickTime

Rapture3D 2.4.8 Game

RIFT

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Segoe UI

Skins

Star Wars: The Old Republic

System Requirements Lab

TeamSpeak 3 Client

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnyiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnyiper

TurboTax 2011 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

Verizon V CAST Media Manager

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.1.11

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

World of Warcraft

Xilisoft Video Converter Ultimate 6

.

==== Event Viewer Messages From Past Week ========

.

4/21/2012 1:16:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/21/2012 1:15:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO i8042prt MpFilter SABKUTIL SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

4/21/2012 1:15:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/21/2012 1:15:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/21/2012 1:15:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/21/2012 1:14:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/21/2012 1:04:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL

4/21/2012 1:02:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/20/2012 7:45:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001F1F1D3D39 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

4/20/2012 11:26:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC i8042prt MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SABKUTIL SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6 ws2ifsl

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/20/2012 11:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/20/2012 11:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/20/2012 11:25:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

4/20/2012 11:22:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/17/2012 9:16:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F1F1D3D39 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

------->Logs will be closed if you haven't replied within 3 days!<--------

See if following this guide works.

if not...........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

--------------------------------------

Next.....

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Thanks for your help!

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: BQfromNY [Admin rights]

Mode: Scan -- Date: 04/22/2012 16:06:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800AAJS-55M0A0 ATA Device +++++

--- User ---

[MBR] 928b309c73e14f265088477f8b22064a

[bSP] 0cba7ebd502fe44e78ce7d7b865c4e82 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1002FAEX-007BA0 ATA Device +++++

--- User ---

[MBR] d9bf02f086f4539c92a8d0e584e44fa7

[bSP] a9d1ab513d6adee634987d06ea2bd69e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

 

 

Link to post
Share on other sites

OTL logfile created on: 4/22/2012 4:08:26 PM - Run 3

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 63.95% Memory free

16.20 Gb Paging File | 13.06 Gb Available in Paging File | 80.64% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.53 Gb Total Space | 4.30 Gb Free Space | 5.76% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive G: | 931.51 Gb Total Space | 419.97 Gb Free Space | 45.09% Space Free | Partition Type: NTFS

Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com

PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/11/18 00:25:22 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

PRC - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

PRC - [2009/09/08 03:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- G:\Applications\PowerISO\PWRISOVM.EXE

PRC - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe

PRC - [2007/12/22 09:36:18 | 001,040,384 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

MOD - [2011/10/23 04:18:40 | 000,100,352 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\avutil-50.dll

MOD - [2011/10/23 04:18:38 | 000,684,032 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\libexpat.dll

MOD - [2011/10/23 04:18:38 | 000,466,975 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)

SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/06/10 10:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2007/12/06 13:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2005/03/29 05:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://woot.com/

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://woot.com/

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\BQfromNY\AppData\Roaming\IDM\idmmzcc5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Entanglement = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: Facemoods = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\

CHR - Extension: ICE Quick Stream = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.9_0\

CHR - Extension: Poppit = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2010/07/25 00:26:50 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O3 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()

O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found

O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE}: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: NameServer = 208.67.220.222,208.67.220.220

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun

O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = J:\setup.exe -a

O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun

O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe

O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell - "" = AutoRun

O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell\AutoRun\command - "" = F:\setup.exe -a

O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell - "" = AutoRun

O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a

O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell - "" = AutoRun

O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe

O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: convlwiz - (C:\Windows\system32\RmCllist.dll) - File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 16:05:50 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RK_Quarantine

[2012/04/22 15:59:34 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\BQfromNY\Desktop\TDSSKiller.exe

[2012/04/22 08:23:22 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/21 19:40:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe

[2012/04/21 19:36:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com

[2012/04/21 03:48:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com

[2012/04/21 03:48:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr

[2012/04/21 02:42:05 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe

[2012/04/20 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\virus

[2012/04/07 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}

[2012/04/02 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RatioMaster.NET

========== Files - Modified Within 30 Days ==========

[2012/04/22 16:05:28 | 001,280,512 | ---- | M] () -- C:\Users\BQfromNY\Desktop\RogueKiller.exe

[2012/04/22 16:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000UA.job

[2012/04/22 15:59:17 | 002,053,340 | ---- | M] () -- C:\Users\BQfromNY\Desktop\tdsskiller.zip

[2012/04/22 15:34:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/22 14:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/22 14:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/22 09:52:41 | 000,724,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/22 09:52:41 | 000,618,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/22 09:52:41 | 000,110,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/22 09:50:27 | 000,216,064 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/22 08:29:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/22 08:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/22 07:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000Core.job

[2012/04/21 20:29:11 | 000,407,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/21 20:25:49 | 000,001,356 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat

[2012/04/21 20:18:10 | 000,001,460 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps64.dat

[2012/04/21 20:04:04 | 000,000,512 | ---- | M] () -- C:\Users\BQfromNY\Desktop\MBR.dat

[2012/04/21 19:40:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe

[2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com

[2012/04/21 03:48:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com

[2012/04/21 03:48:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr

[2012/04/21 02:42:04 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe

[2012/04/21 01:20:54 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/20 23:45:52 | 001,008,141 | ---- | M] () -- C:\Users\BQfromNY\Desktop\iexplorer.com

[2012/04/20 19:50:44 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\BQfromNY\Desktop\TDSSKiller.exe

[2012/04/16 08:46:46 | 000,358,544 | ---- | M] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent

[2012/04/13 19:24:20 | 111,762,379 | ---- | M] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/02 17:13:43 | 018,283,464 | ---- | M] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf

[2012/03/30 15:18:26 | 000,000,545 | ---- | M] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk

[2012/03/30 14:03:06 | 038,146,728 | ---- | M] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4

========== Files Created - No Company Name ==========

[2012/04/22 16:05:31 | 001,280,512 | ---- | C] () -- C:\Users\BQfromNY\Desktop\RogueKiller.exe

[2012/04/22 15:59:20 | 002,053,340 | ---- | C] () -- C:\Users\BQfromNY\Desktop\tdsskiller.zip

[2012/04/22 09:50:12 | 037,945,640 | ---- | C] () -- C:\Users\BQfromNY\Desktop\2- Came to my Rescue-Hillsong United.avi

[2012/04/22 09:48:32 | 011,823,549 | ---- | C] () -- C:\Users\BQfromNY\Desktop\3 Greg o'quinn and ipraize Lead Me Jesus(480p_H.264-AAC).flv

[2012/04/22 09:47:57 | 010,964,992 | ---- | C] () -- C:\Users\BQfromNY\Desktop\1 holy spirit come kate miner.mpg

[2012/04/21 20:04:04 | 000,000,512 | ---- | C] () -- C:\Users\BQfromNY\Desktop\MBR.dat

[2012/04/21 01:20:54 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/20 23:57:39 | 001,008,141 | ---- | C] () -- C:\Users\BQfromNY\Desktop\iexplorer.com

[2012/04/16 08:46:52 | 000,358,544 | ---- | C] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent

[2012/04/13 15:27:53 | 111,762,379 | ---- | C] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar

[2012/04/02 17:12:36 | 018,283,464 | ---- | C] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf

[2012/03/31 01:13:15 | 038,146,728 | ---- | C] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4

[2012/03/30 15:18:26 | 000,000,545 | ---- | C] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk

[2012/02/11 18:55:13 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/10/29 10:30:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll

[2011/09/24 13:59:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/07/08 19:17:26 | 000,000,129 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/01/18 22:54:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/12/24 13:57:12 | 000,001,714 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\SAS7_000.DAT

[2010/12/19 09:01:02 | 000,001,356 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat

[2010/12/04 00:31:42 | 000,000,745 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\AtomicAlarmClock.ini

========== LOP Check ==========

[2011/11/27 00:24:44 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\DMCache

[2011/02/02 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Easeware

[2012/04/08 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FileZilla

[2010/03/07 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FLV Extract

[2010/11/03 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\HEM Data

[2010/02/12 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Libronix DLS

[2011/10/03 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\motorola

[2011/02/04 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\RIFT

[2011/10/31 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Temp

[2011/12/25 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\TS3Client

[2011/12/16 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\ts3overlay

[2010/03/26 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\UnknownApplicationVendor

[2012/04/19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\uTorrent

[2011/01/12 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\wargaming.net

[2011/06/08 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Xilisoft

[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp

[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp

[2012/04/22 08:27:50 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Link to post
Share on other sites

I see you ran TDSSKiller, did it find anything and can you post the log.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.