
infected?



My son tried downloading a bunch of call of duty hacks. I ran Malwarebytes anti-malware and it found and quarantined an item, but I couldn't find it in the vault afterwards. I just want to make sure there is nothing else.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Todd at 11:49:30 on 2012-06-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6768 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\mcGlidHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe

StartupFolder: C:\Users\Todd\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BCF4865F-23B7-4460-81D4-294C88685033} : NameServer = 216.176.95.129,216.176.95.161

TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F57E66B0-60C0-49C0-B8B6-44854D1F37EA}\D496C6C6562713 : DhcpNameServer = 97.64.168.12 97.64.183.165

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Family Tree Builder Update] C:\Users\Todd\MyHeritage\Bin\FTBCheckUpdates.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\14k63ll8.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8ujcUcmh

FF - user.js: extensions.incredibar_i.upn2n - 92824439394731701

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10658

FF - user.js: extensions.incredibar_i.ppd -

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ujcUcmh&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 780e0ab90000000000000626824725b7

FF - user.js: extensions.incredibar_i.instlDay - 15488

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:49:36

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-24 13336]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-1-27 226624]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 257696]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-20 16:08:48 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-20 16:08:48 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-19 14:51:09 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 14:50:56 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 14:50:42 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 14:50:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 14:42:44 -------- d-----w- C:\Users\Todd\AppData\Roaming\MyHeritage

2012-06-19 14:42:44 -------- d-----w- C:\ProgramData\MyHeritage

2012-06-19 14:42:20 454656 ----a-w- C:\Windows\SysWow64\PaintX.dll

2012-06-19 14:42:20 372736 ----a-w- C:\Windows\SysWow64\ijl15.dll

2012-06-19 14:42:20 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2012-06-19 14:42:19 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx

2012-06-19 14:42:19 137000 ----a-w- C:\Windows\SysWow64\msmapi32.ocx

2012-06-19 14:42:19 -------- d-----w- C:\Users\Todd\AppData\Roaming\The Complete Genealogy Reporter - FTB

2012-06-19 14:42:10 -------- d-----w- C:\Users\Todd\MyHeritage

2012-06-08 16:51:52 -------- d-----w- C:\$RECYCLE.BIN

2012-06-06 15:18:56 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-05 18:11:48 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-05 18:11:18 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-05 17:54:04 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2012-05-30 18:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-05-30 17:02:03 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-30 16:37:55 388096 ----a-r- C:\Users\Todd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-30 16:37:55 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-05-30 16:08:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-28 19:49:03 -------- d-----w- C:\Program Files (x86)\1ClickDownload

2012-05-26 04:00:43 -------- d-----w- C:\ProgramData\blekko toolbars

2012-05-26 04:00:35 -------- d-----w- C:\Users\Todd\AppData\Local\blekkotb_031

2012-05-26 04:00:34 -------- d-----w- C:\ProgramData\Tarma Installer

2012-05-26 04:00:34 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor

.

==================== Find3M ====================

.

2012-05-30 17:02:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 15:12:15 644496 ----a-w- C:\Users\Todd\EBOOT.BIN

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 11:49:48.65 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/1/2010 1:00:41 PM

System Uptime: 6/20/2012 2:06:36 AM (9 hours ago)

.

Motherboard: MSI | | IONA

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU 1 | 3201/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 790.702 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.585 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

K: is Removable

N: is FIXED (NTFS) - 298 GiB total, 195.667 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Prem C410 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Prem C410 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP271: 6/11/2012 11:11:42 AM - Scheduled Checkpoint

RP272: 6/14/2012 3:00:28 AM - Windows Update

RP273: 6/16/2012 1:20:10 AM - HPSF Restore Point

RP274: 6/19/2012 9:50:25 AM - Windows Update

RP275: 6/20/2012 11:08:23 AM - Installed Java 7 Update 5 (64-bit)

RP276: 6/20/2012 11:10:48 AM - Removed Java 7 Update 4

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.5

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

BufferChm

C410

Command & Conquer™ Red Alert™ 3

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

D3DX10

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DocProc

DVD Menu Pack for HP MediaSmart Video

ESET Online Scanner v3

Fax

ffdshow [rev 2527] [2008-12-19]

Google Chrome

Google Talk Plugin

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.1.0

HiJackThis

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Photo Creations

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

Hulu Desktop

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

JavaFX 2.1.0

Junk Mail filter update

LabelPrint

LG USB Modem driver

LightScribe System Software

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft® Winter Fun Pack 2004 for Windows® XP

MotoHelper 2.0.45 Driver 5.0.0

MotoHelper MergeModules

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyHeritage Family Tree Builder

Netflix in Windows Media Center

NVIDIA PhysX

OF Dragon Rising

OpenOffice.org 3.2

Origin

PictureMover

Power2Go

PowerDirector

PS_AIO_07_C410_SW_Min

Quicken 2010

QuickTransfer

Realtek High Definition Audio Driver

Recovery Manager

Revo Uninstaller 1.94

RLPrintPlugin

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.9

SmartWebPrinting

SolutionCenter

SpeechRedist

Status

Steam

The Sims Medieval

The Sims™ 3

The Sims™ 3 Pets

Toolbox

TrayApp

Unified Remote

Unreal Tournament 3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Verizon V CAST Media Manager

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

WebReg

WildTangent Games App (HP Games)

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 beta 2 (32-bit)

WolfQuest

Zoo Tycoon 2 - Ultimate Collection

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 12:29:57 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================


Hello seabeetodd and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I would like to see exactly what was found by Malwarebytes' Anti-Malware. Please run Malwarebytes' Anti-Malware, go to the Logs tab, double-click on the lines to find the log file with this one entry, and post it in your next reply.


Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.20.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Todd :: TODD-PC [administrator]

6/20/2012 11:34:52 AM

mbam-log-2012-06-20 (11-34-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219677

Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I know it found something during the scan; I went back and checked and couldn't find anything.


Okay, let's make some additional scans:

Step 1

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 2

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • ESET Online Scanner log
  • Kaspersky AVP log


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=92e70fd392fe9d48986c28909bcf5372

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-06 04:41:20

# local_time=2012-06-06 11:41:20 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 21028360 21028360 0 0

# compatibility_mode=5893 16776574 100 94 31563083 90539597 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=232943

# found=4

# cleaned=0

# scan_time=4732

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I

C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I

C:\_OTL\MovedFiles\05312012_130808\C_Program Files (x86)\WhiteSmokeTranslator\WSRegistrationDictMode.exe	probably a variant of Win32/WhiteSmoke application (unable to clean)	00000000000000000000000000000000	I

C:\_OTL\MovedFiles\05312012_130808\C_Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html	HTML/WhiteSmoke application (unable to clean)	00000000000000000000000000000000	I

The Kaspersky scan wasn't finished running when I left, and when I got back the window was closed (probably someone in my family) and I can't find any log files anywhere. Would you like me to run it again? I did notice that it encountered a few files that it said were password protected and I thought that was strange. I noticed some were .rar files. Sorry for the mixup.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
