reggiewjr1 Posted June 10, 2012 ID:559248 Share Posted June 10, 2012 DDS.TXT.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Sunsational at 17:18:58 on 2012-06-10Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3837.2492 [GMT -4:00].AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exeC:\Windows\SysWOW64\svchost.exe -k AkamaiC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\SysWOW64\AsHookDevice.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exeC:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXEC:\Program Files\Microsoft LifeCam\MSCamS64.exeC:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exeC:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exeC:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\LTONHIS\Touch Manager\SKDaemon.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Users\Sunsational\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exeC:\Users\Sunsational\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exeC:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\taskhost.exeC:\SalonTouch\SalonTouch.exeC:\SalonTouch\ComManager.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\splwow64.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\taskmgr.exeC:\Windows\SysWOW64\ping.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\ping.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\ping.exeC:\Windows\system32\conhost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uSearch Bar = PreserveuStart Page = https://mail.google.com/uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>mWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files(x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files(x86)\adawaretb\adawareDx.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\SearchEnhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\ProgramFiles (x86)\Windows Live\Companion\companioncore.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files(x86)\Java\jre6\bin\jp2ssv.dllBHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dllTB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dllTB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\GoogleToolbar\GoogleToolbar_32.dllTB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files(x86)\adawaretb\adawareDx.dllEB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dlluRun: [Akamai NetSession Interface] "C:\Users\Sunsational\AppData\Local\Akamai\netsession_win.exe"uRun: [spotify] "C:\Users\Sunsational\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [Google Update] "C:\Users\Sunsational\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exemRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exemRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /SmRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\DefaultManager\DefMgr.exe" -resumemRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [<NO NAME>]mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe"/starttraymRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-runuPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\ProgramFiles (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\ProgramFiles (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllLSP: mswsock.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} -hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} -hxxp://www.shockwave.com/content/doggiedash/sis/DoggieDash.1.0.0.6.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabTCP: DhcpNameServer = 68.87.71.226 68.87.73.242TCP: Interfaces\{1DD5410E-A90C-4C4C-98AE-B70ECF336F78} : DhcpNameServer = 68.87.71.226 68.87.73.242Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\PhotoGallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files(x86)\Canon\Easy-WebPrint EX\ewpexbho.dllBHO-X64: Canon Easy-WebPrint EX BHO - No FileBHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dllBHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files(x86)\adawaretb\adawareDx.dllBHO-X64: Ad-Aware Security Toolbar - No FileBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO-X64: Search Helper - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files(x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files(x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\YontooLayers\YontooIEClient.dllBHO-X64: Yontoo Layers - No FileTB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dllTB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files(x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllTB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files(x86)\adawaretb\adawareDx.dllEB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No FilemRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exemRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /SmRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun-x64: [(Default)]mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-runHosts: 127.0.0.1 www.spywareinfo.com.============= SERVICES / DRIVERS ===============.R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe[2012-5-3 1226096]R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27203392]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-4 654408]R2 msftesql$SALONTOUCH;SQL Server FullText Search (SALONTOUCH);C:\Program Files (x86)\Microsoft SQLServer\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-6-22 95592]R2 MSSQL$SALONTOUCH;SQL Server (SALONTOUCH);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-5-27 29262680]R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-7 1153368]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys--> C:\Windows\system32\drivers\IntcHdmi.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys--> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]R3 Svk2pl;GigawareX USB to Serial Driver;C:\Windows\system32\DRIVERS\Svk2pl64.sys --> C:\Windows\system32\DRIVERS\Svk2pl64.sys [?]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2010-10-14 136176]S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000]S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[2010-10-14 136176]S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys--> C:\Windows\system32\DRIVERS\netr28x.sys [?]S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper[2009-7-13 20992]S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys -->C:\Windows\system32\DRIVERS\sbfwim.sys [?]S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys[?]S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys[?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe -->C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-06-08 12:34:12 -------- d-----w- C:\Users\Sunsational\AppData\Local\PackageAware2012-06-08 11:54:06 388096 ----a-r- C:\Users\Sunsational\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2012-06-08 11:54:06 -------- d-----w- C:\Program Files (x86)\hjt2012-06-07 12:08:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2012-06-07 12:08:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search &Destroy2012-06-06 15:09:17 -------- d-----w- C:\Users\Sunsational\AppData\Local\LogMeInRescue Applet2012-06-06 13:03:53 -------- d-----w- C:\Users\Sunsational\AppData\Local\adaware2012-06-06 13:03:30 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys2012-06-06 13:03:22 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys2012-06-06 13:03:22 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys2012-06-06 13:03:21 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys2012-06-06 13:03:21 45936 ----a-w- C:\Windows\System32\sbbd.exe2012-06-06 13:03:20 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus2012-06-06 13:03:04 -------- d-----w- C:\Users\Sunsational\AppData\Local\adawarebp2012-06-06 13:03:04 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection2012-06-06 12:59:17 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner2012-06-06 12:59:16 -------- d-----w- C:\Program Files (x86)\adawaretb2012-06-06 12:50:34 -------- d-----w- C:\Users\Sunsational\AppData\Roaming\Ad-Aware Antivirus2012-06-06 12:06:58 40960 ----a-r- C:\Users\Sunsational\AppData\Roaming\Microsoft\Installer\{BC85CECC-12CE-449F-AD68-9AEF07493674}\Adnet2k.exe1_BC85CECC12CE449FAD689AEF07493674_3.exe2012-06-06 12:06:58 -------- d-----w- C:\t-max2012-06-06 12:06:02 -------- d-----w- C:\Windows\Downloaded Installations2012-06-05 00:20:58 -------- d-----w- C:\Users\Sunsational\AppData\Roaming\Malwarebytes2012-06-05 00:20:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-06-05 00:20:52 -------- d-----w- C:\ProgramData\Malwarebytes2012-06-05 00:20:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-06-03 14:42:19 -------- d-----w- C:\Users\Sunsational\AppData\Roaming\Tific2012-06-03 14:42:18 -------- d-----w- C:\Users\Sunsational\AppData\Local\Symantec2012-06-03 14:34:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%2012-06-03 14:23:22 -------- d-----w- C:\Users\Sunsational\AppData\Local\MSP2012-06-03 14:23:22 -------- d-----w- C:\ProgramData\F4D55F3B047251A123753481B4EB23672012-06-01 07:33:03 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\DefinitionUpdates\{99B22F92-95DC-4C95-B094-E6032065D9C9}\mpengine.dll2012-05-15 20:30:34 -------- d-----w- C:\ProgramData\boost_interprocess.==================== Find3M ====================.2012-05-05 16:25:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-05 16:25:12 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-05 16:25:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys2001-09-29 00:00:28 164864 ----a-w- C:\Program Files (x86)\UNWISE.EXE.============= FINISH: 17:20:27.79 ===============Attach.txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 10, 2012 ID:559270 Share Posted June 10, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system (don't run any other options, they're not all bad!)Post back the report.MrC Link to post Share on other sites More sharing options...
reggiewjr1 Posted June 10, 2012 Author ID:559281 Share Posted June 10, 2012 RogueKiller V7.5.4 [06/07/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser: Sunsational [Admin rights]Mode: Scan -- Date: 06/10/2012 18:46:35¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 8 ¤¤¤[] HKLM\[...]\Wow6432Node\Windows : () -> ACCESS DENIED[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤[ZeroAccess] (LOCKED) windir\Assembly\GAC\Desktop.ini present!¤¤¤ HOSTS File: ¤¤¤127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 1000gratisproben.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com127.0.0.1 100sexlinks.com127.0.0.1 www.100sexlinks.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST31000528AS ATA Device +++++--- User ---[MBR] d1efc8267ae28f7219a0526b4d3e2eb1[bSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR CodePartition table:0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29747200 | Size: 381546 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 811153408 | Size: 557797 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted June 10, 2012 ID:559283 Share Posted June 10, 2012 ¤¤¤ Infection : ZeroAccess ¤¤¤[ZeroAccess] (LOCKED) windir\Assembly\GAC\Desktop.ini present!Your computer is infected with a nasty rootkit. Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNINGAlso please note that some of these infections have proven to be impossible to remove and the only way to fix it to do a format and reinstall of the operating system.------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.I strongly suggest you back up all of the important items on the system before we continue.Please let me know you have read this and agree to it.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.===========================================================================================Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
reggiewjr1 Posted June 11, 2012 Author ID:559443 Share Posted June 11, 2012 I've backed up everything on this PC. I think we should atempt to fix these issue first. I do not have a Windows 7 OS CD to reinstall the operating system at this time. I'm hoping I can retreive this from the person who has it. If this fails for what ever reason and I can not get the OS from them, I will just run out and purchase a new copy I suppose. combofix to follow Link to post Share on other sites More sharing options...
reggiewjr1 Posted June 11, 2012 Author ID:559475 Share Posted June 11, 2012 ComboFix does not seem to be creating a log....? Link to post Share on other sites More sharing options...
MrCharlie Posted June 11, 2012 ID:559485 Share Posted June 11, 2012 Did it actually run??Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:C:\ComboFix.txtSee if it shows up--------------------------If not......Please make sure system restore is running and create a new restore point before continuing.XP <===> Vista & W7XP users > please back up the registry using ERUNT.-----------------------------------------Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueAny entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.-------------------Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueAny entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.MrC Link to post Share on other sites More sharing options...
MrCharlie Posted June 14, 2012 ID:560405 Share Posted June 14, 2012 How are we doing??Do you still need help or can I close this post??MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 15, 2012 ID:560735 Share Posted June 15, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts