Unknown Virus/Malware Attacking Computer


Hi,

I am having a computer problem whereby it appears as though I have a virus that Malwarebytes has not been able to remove or detect. Currently there is an Internet Explorer window opening (a local newspaper) in the top left corner of the desktop, and we have been unable to close it or remove the window.

Here are the DDS and Attach logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by HEM at 12:41:08 on 2012-07-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2233 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\UMonit.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\WINDOWS\STK02N\STK02NM.exe

C:\Documents and Settings\HEM\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: PC Antivirus Web Protection BHO: {c11cbda9-6702-469e-9ce1-64e3971a6b44} - c:\program files\pc antivirus\pf.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [uMonit] c:\windows\system32\UMonit.exe

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f

StartupFolder: c:\docume~1\hem\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hem\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cnet.com\download

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB

DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://99.28.49.193/webrec.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab

DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://66.192.110.33:100/VideoViewer.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266006557234

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341329730109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{87E4B200-38DD-479B-BB2C-A0142A73BAD9} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hem\application data\mozilla\firefox\profiles\ajj61eh2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=hp

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=ku&q=

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - c02de8f30000000000000021851d7055

FF - user.js: extensions.BabylonToolbar_i.hardId - c02de8f30000000000000021851d7055

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15525

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44:39

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824&q=

FF - user.js: extensions.funmoods.id - 0021851D7055E8F3

FF - user.js: extensions.funmoods.instlDay - 15525

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:47:37

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

============= SERVICES / DRIVERS ===============

.

R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-6-25 3361496]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-3 69640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-3 1262400]

R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-20 361472]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-7-1 935480]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-21 272864]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-9 1691480]

S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-21 1024768]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-1-30 45288]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-2-25 101520]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-4-11 406016]

S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2011-1-30 12416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-3-7 1034240]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-30 12984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

S4 Bulk1528;SPCA1528 Still Camera Service; [x]

S4 Ca1528av;SPCA1528 Video Camera Service; [x]

.

=============== Created Last 30 ================

.

2012-07-05 16:03:49 -------- d-sha-r- C:\cmdcons

2012-07-05 16:01:57 98816 ----a-w- c:\windows\sed.exe

2012-07-05 16:01:57 518144 ----a-w- c:\windows\SWREG.exe

2012-07-05 16:01:57 256000 ----a-w- c:\windows\PEV.exe

2012-07-05 16:01:57 208896 ----a-w- c:\windows\MBR.exe

2012-07-04 20:44:08 -------- d-----w- c:\windows\pss

2012-07-04 20:41:19 -------- d-----w- c:\documents and settings\hem\local settings\application data\LogMeIn Rescue Applet

2012-07-04 17:31:09 -------- d-----w- c:\documents and settings\hem\application data\AVPro

2012-07-04 17:30:59 -------- d-----w- c:\documents and settings\hem\application data\PC Antivirus

2012-07-04 17:30:56 6197048 ----a-w- c:\windows\uninstac.exe

2012-07-04 17:30:53 582992 ----a-w- c:\windows\system32\sbap.dll

2012-07-04 17:30:53 308560 ----a-w- c:\windows\system32\vipre.dll

2012-07-04 17:30:53 160768 ----a-w- c:\windows\system32\unrar.dll

2012-07-04 17:30:53 1332560 ----a-w- c:\windows\system32\sbte.dll

2012-07-04 17:30:52 -------- d-----w- c:\program files\PC Antivirus

2012-07-04 17:30:52 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data

2012-07-04 17:27:50 -------- d-----w- c:\program files\PC Cleaners

2012-07-04 17:20:03 -------- d-----w- c:\documents and settings\hem\application data\PC Cleaners

2012-07-04 17:19:58 4106512 ----a-w- c:\windows\uninst.exe

2012-07-04 17:19:58 -------- d-----w- c:\documents and settings\hem\application data\PCPro

2012-07-04 17:19:56 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2012-07-04 14:49:07 -------- d-----w- c:\documents and settings\hem\application data\Funmoods

2012-07-04 14:47:24 -------- d-----w- c:\program files\OApps

2012-07-04 14:44:33 -------- d-----w- c:\program files\Playbryte

2012-07-04 14:44:33 -------- d-----w- c:\documents and settings\hem\application data\Go PDF Reader

2012-07-04 14:44:28 -------- d-----w- c:\documents and settings\hem\local settings\application data\Playbryte

2012-07-03 15:46:26 -------- d-----w- c:\windows\system32\winrm

2012-07-03 15:46:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-07-03 15:03:28 45056 ----a-w- c:\windows\system32\unredmon.exe

2012-07-03 15:03:28 116224 ----a-w- c:\windows\system32\redmonnt.dll

2012-07-03 15:02:54 -------- d-----w- c:\documents and settings\hem\local settings\application data\Giant Savings

2012-07-03 15:02:53 -------- d-----w- c:\program files\BabylonToolbar

2012-07-03 15:02:52 -------- d-----w- c:\documents and settings\hem\application data\BabylonToolbar

2012-07-03 15:02:50 -------- d-----w- c:\program files\Giant Savings

2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\hem\application data\Babylon

2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-07-02 02:35:14 -------- d-----w- c:\documents and settings\hem\local settings\application data\AVG Secure Search

2012-07-01 17:00:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-06-30 16:56:20 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll

2012-06-30 16:56:20 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT

2012-06-30 16:56:20 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll

2012-06-30 16:44:26 -------- d-----w- c:\documents and settings\hem\application data\AVG Secure Search

2012-06-30 16:44:23 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-06-30 16:44:21 -------- d-----w- c:\program files\AVG Secure Search

2012-06-30 16:44:17 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\hem\application data\FileOpen

2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\all users\application data\FileOpen

2012-06-21 23:48:46 -------- d-----w- c:\documents and settings\hem\application data\Downloaded Installations

2012-06-20 11:59:48 -------- d-----w- c:\program files\ATT

2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\hem\local settings\application data\ATTYToolbar

2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\all users\application data\ATTYToolbar

2012-06-20 11:44:29 -------- d-----w- c:\program files\Yahoo!

2012-06-19 23:22:02 -------- d-----w- c:\program files\ATT-HSI

2012-06-19 23:21:50 -------- d-----w- c:\program files\common files\Motive

2012-06-13 05:22:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-06 21:45:45 -------- d-----w- c:\program files\Dropbox

.

==================== Find3M ====================

.

2012-07-05 15:20:58 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-07-03 21:14:54 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-07-03 21:14:54 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-07-03 21:00:33 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-06-23 16:25:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 16:25:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 01:25:46 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE

2012-06-03 19:08:00 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 12:41:23.15 ===============

ATTACH.TXT LOG:


IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cnet.com\download

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB

DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://99.28.49.193/webrec.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab

DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://66.192.110.33:100/VideoViewer.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266006557234

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341329730109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{87E4B200-38DD-479B-BB2C-A0142A73BAD9} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hem\application data\mozilla\firefox\profiles\ajj61eh2.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=hp

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=ku&q=

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - c02de8f30000000000000021851d7055

FF - user.js: extensions.BabylonToolbar_i.hardId - c02de8f30000000000000021851d7055

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15525

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44:39

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824&q=

FF - user.js: extensions.funmoods.id - 0021851D7055E8F3

FF - user.js: extensions.funmoods.instlDay - 15525

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:47:37

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

============= SERVICES / DRIVERS ===============

.

R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-6-25 3361496]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-3 69640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-3 1262400]

R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-20 361472]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-7-1 935480]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]

S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-21 272864]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-9 1691480]

S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-21 1024768]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-1-30 45288]

S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-2-25 101520]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-4-11 406016]

S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2011-1-30 12416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-3-7 1034240]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-30 12984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

S4 Bulk1528;SPCA1528 Still Camera Service; [x]

S4 Ca1528av;SPCA1528 Video Camera Service; [x]

.

=============== Created Last 30 ================

.

2012-07-05 16:03:49 -------- d-sha-r- C:\cmdcons

2012-07-05 16:01:57 98816 ----a-w- c:\windows\sed.exe

2012-07-05 16:01:57 518144 ----a-w- c:\windows\SWREG.exe

2012-07-05 16:01:57 256000 ----a-w- c:\windows\PEV.exe

2012-07-05 16:01:57 208896 ----a-w- c:\windows\MBR.exe

2012-07-04 20:44:08 -------- d-----w- c:\windows\pss

2012-07-04 20:41:19 -------- d-----w- c:\documents and settings\hem\local settings\application data\LogMeIn Rescue Applet

2012-07-04 17:31:09 -------- d-----w- c:\documents and settings\hem\application data\AVPro

2012-07-04 17:30:59 -------- d-----w- c:\documents and settings\hem\application data\PC Antivirus

2012-07-04 17:30:56 6197048 ----a-w- c:\windows\uninstac.exe

2012-07-04 17:30:53 582992 ----a-w- c:\windows\system32\sbap.dll

2012-07-04 17:30:53 308560 ----a-w- c:\windows\system32\vipre.dll

2012-07-04 17:30:53 160768 ----a-w- c:\windows\system32\unrar.dll

2012-07-04 17:30:53 1332560 ----a-w- c:\windows\system32\sbte.dll

2012-07-04 17:30:52 -------- d-----w- c:\program files\PC Antivirus

2012-07-04 17:30:52 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data

2012-07-04 17:27:50 -------- d-----w- c:\program files\PC Cleaners

2012-07-04 17:20:03 -------- d-----w- c:\documents and settings\hem\application data\PC Cleaners

2012-07-04 17:19:58 4106512 ----a-w- c:\windows\uninst.exe

2012-07-04 17:19:58 -------- d-----w- c:\documents and settings\hem\application data\PCPro

2012-07-04 17:19:56 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2012-07-04 14:49:07 -------- d-----w- c:\documents and settings\hem\application data\Funmoods

2012-07-04 14:47:24 -------- d-----w- c:\program files\OApps

2012-07-04 14:44:33 -------- d-----w- c:\program files\Playbryte

2012-07-04 14:44:33 -------- d-----w- c:\documents and settings\hem\application data\Go PDF Reader

2012-07-04 14:44:28 -------- d-----w- c:\documents and settings\hem\local settings\application data\Playbryte

2012-07-03 15:46:26 -------- d-----w- c:\windows\system32\winrm

2012-07-03 15:46:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-07-03 15:03:28 45056 ----a-w- c:\windows\system32\unredmon.exe

2012-07-03 15:03:28 116224 ----a-w- c:\windows\system32\redmonnt.dll

2012-07-03 15:02:54 -------- d-----w- c:\documents and settings\hem\local settings\application data\Giant Savings

2012-07-03 15:02:53 -------- d-----w- c:\program files\BabylonToolbar

2012-07-03 15:02:52 -------- d-----w- c:\documents and settings\hem\application data\BabylonToolbar

2012-07-03 15:02:50 -------- d-----w- c:\program files\Giant Savings

2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\hem\application data\Babylon

2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-07-02 02:35:14 -------- d-----w- c:\documents and settings\hem\local settings\application data\AVG Secure Search

2012-07-01 17:00:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-06-30 16:56:20 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll

2012-06-30 16:56:20 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT

2012-06-30 16:56:20 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll

2012-06-30 16:44:26 -------- d-----w- c:\documents and settings\hem\application data\AVG Secure Search

2012-06-30 16:44:23 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-06-30 16:44:21 -------- d-----w- c:\program files\AVG Secure Search

2012-06-30 16:44:17 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\hem\application data\FileOpen

2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\all users\application data\FileOpen

2012-06-21 23:48:46 -------- d-----w- c:\documents and settings\hem\application data\Downloaded Installations

2012-06-20 11:59:48 -------- d-----w- c:\program files\ATT

2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\hem\local settings\application data\ATTYToolbar

2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\all users\application data\ATTYToolbar

2012-06-20 11:44:29 -------- d-----w- c:\program files\Yahoo!

2012-06-19 23:22:02 -------- d-----w- c:\program files\ATT-HSI

2012-06-19 23:21:50 -------- d-----w- c:\program files\common files\Motive

2012-06-13 05:22:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-06 21:45:45 -------- d-----w- c:\program files\Dropbox

.

==================== Find3M ====================

.

2012-07-05 15:20:58 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2012-07-03 21:14:54 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-07-03 21:14:54 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-07-03 21:00:33 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-06-23 16:25:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-23 16:25:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 01:25:46 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE

2012-06-03 19:08:00 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 12:41:23.15 ===============


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

How many anti-virus programs are you running?

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
