Jump to content

Hosts file keeps getting something added onto it


Recommended Posts

Hi there, so today while surfing the web I got infected by the Security Shield virus. After scanning my computer with MalwareBytes it detected 3 items and I deleted it. I was also aware that the Security Shield virus or rogue, was redirecting me onto different sites when I went and search on Google. It doesn't redirect me anymore but I notice that my Host file as some weird addons that keeps getting add to it. I'll copy it here the original and how it keeps getting changed evertime I go to a site even after I delete it.

Original:

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

Constantly changed version:

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

216.239.32.20 www.google.ae # bck9

216.239.32.20 www.google.at # bck9

216.239.32.20 www.google.be # bck9

216.239.32.20 www.google.ca # bck9

216.239.32.20 www.google.ch # bck9

216.239.32.20 www.google.cl # bck9

216.239.32.20 www.google.co.il # bck9

216.239.32.20 www.google.co.in # bck9

216.239.32.20 www.google.co.jp # bck9

216.239.32.20 www.google.co.kr # bck9

216.239.32.20 www.google.co.nz # bck9

216.239.32.20 www.google.co.uk # bck9

216.239.32.20 www.google.co.ve # bck9

216.239.32.20 www.google.co.za # bck9

216.239.32.20 www.google.com # bck9

216.239.32.20 www.google.com.ar # bck9

216.239.32.20 www.google.com.au # bck9

216.239.32.20 www.google.com.br # bck9

216.239.32.20 www.google.com.co # bck9

216.239.32.20 www.google.com.gr # bck9

216.239.32.20 www.google.com.hk # bck9

216.239.32.20 www.google.com.mx # bck9

216.239.32.20 www.google.com.my # bck9

216.239.32.20 www.google.com.pe # bck9

216.239.32.20 www.google.com.ph # bck9

216.239.32.20 www.google.com.pk # bck9

216.239.32.20 www.google.com.sg # bck9

216.239.32.20 www.google.com.tr # bck9

216.239.32.20 www.google.com.tw # bck9

216.239.32.20 www.google.com.ua # bck9

216.239.32.20 www.google.de # bck9

216.239.32.20 www.google.dk # bck9

216.239.32.20 www.google.es # bck9

216.239.32.20 www.google.fi # bck9

216.239.32.20 www.google.fr # bck9

216.239.32.20 www.google.it # bck9

216.239.32.20 www.google.lt # bck9

216.239.32.20 www.google.lv # bck9

216.239.32.20 www.google.nl # bck9

216.239.32.20 www.google.pl # bck9

216.239.32.20 www.google.pt # bck9

216.239.32.20 www.google.ro # bck9

216.239.32.20 www.google.ru # bck9

I am not sure if it was Security Shield that caused this, I hope there isn't any spyware from it still hidden inside my computer. I am not sure what these extra tags does but its annoying me. Can someone help? Is it safe or not and what is this actually doing.

Thank you!

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Administrator Yang at 16:50:48 on 2012-07-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1756 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Program Files (x86)\Notepad++\notepad++.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [AdobeBridge]

uRun: [WorkForce 435(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_S91F2.tmp" /EF "HKCU"

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [bible360] rundll32.exe "C:\Users\Administrator Yang\AppData\Local\BigHugeEngine\Bible360\tvzjqlnhf.dll",CreateInstance

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\140707C65602E4564777F627B602666326667373 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\144545438343 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\7516E6760214962707F62747 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E112DA7-8C88-4DBF-81F3-ABCF04B9E49D}\B6F6269656235353 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{87C2AAF6-0AB3-4CC2-A933-B0B32E79E5ED} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 216.239.32.20 www.google.ae # bck9

Hosts: 216.239.32.20 www.google.at # bck9

Hosts: 216.239.32.20 www.google.be # bck9

Hosts: 216.239.32.20 www.google.ca # bck9

Hosts: 216.239.32.20 www.google.ch # bck9

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator Yang\AppData\Roaming\Mozilla\Firefox\Profiles\rhrkd2cp.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: C:\Windows\system32\npOGPPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 bckd;bckd;C:\Windows\system32\drivers\bckd.sys --> C:\Windows\system32\drivers\bckd.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-26 89600]

R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-8-24 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-19 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-26 2413056]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-6-20 2666880]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-6-14 1098296]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/06/03 12:33:32;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 wmamp3DriverV32;wmamp3DriverV32;C:\Windows\system32\drivers\wmamp3DriverV32.sys --> C:\Windows\system32\drivers\wmamp3DriverV32.sys [?]

.

=============== Created Last 30 ================

.

2012-07-15 21:39:41 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E27C4892-9CC6-4533-8FBC-63CC63E9DC78}\mpengine.dll

2012-07-14 20:14:57 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-12 08:23:53 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Bible360

2012-07-12 08:23:08 -------- d-----w- C:\ProgramData\Bible360

2012-07-12 08:23:08 -------- d-----w- C:\Program Files (x86)\Immersion Digital

2012-07-11 10:07:38 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 08:50:11 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-09 22:03:54 -------- d-----w- C:\Program Files (x86)\LOLReplay

2012-07-08 12:10:07 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\SKIDROW

2012-07-08 11:20:07 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Skyrim

2012-07-08 11:10:36 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim

2012-07-08 08:02:29 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-08 08:02:29 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-07 10:10:57 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\Xfire

2012-07-07 10:10:55 -------- d-----w- C:\ProgramData\Xfire

2012-07-06 00:36:54 -------- d-----w- C:\ProgramData\NexonUS

2012-07-06 00:36:54 -------- d-----w- C:\Nexon

2012-07-05 22:49:48 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Apple Computer

2012-07-05 22:48:44 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-05 22:47:55 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Apple

2012-07-05 22:47:17 -------- d-----w- C:\Program Files\Bonjour

2012-07-05 22:47:17 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-07-04 06:32:32 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F1EB2A2-4E48-43D8-8D97-D2A44BD4FFFE}\gapaengine.dll

2012-07-02 21:36:23 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Eclipse

2012-06-29 22:57:19 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection

2012-06-28 01:21:37 -------- d-----w- C:\Windows\SysWow64\xlive

2012-06-28 01:21:30 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-06-27 23:48:31 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-06-27 23:48:29 -------- d-----w- C:\Program Files (x86)\Steam

2012-06-23 21:39:48 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2012-06-23 00:11:04 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\CyberLink

2012-06-22 21:29:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 21:28:59 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 21:28:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 21:28:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 02:25:19 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\AuthenTec

2012-06-20 23:19:30 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\TeamViewer

2012-06-20 23:12:20 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-06-20 04:23:06 -------- d-----w- C:\Users\Administrator Yang\AppData\Roaming\LolClient

2012-06-18 00:28:33 -------- d-----w- C:\Users\Administrator Yang\AppData\Local\Hewlett-Packard_Developme

2012-06-16 00:17:26 28096 ----a-w- C:\Windows\System32\xfcodec64.dll

2012-06-16 00:17:24 42432 ----a-w- C:\Windows\SysWow64\xfcodec.dll

.

==================== Find3M ====================

.

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-23 21:13:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 21:13:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-03 19:31:35 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-06-03 19:31:34 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-25 21:02:52 43800 ----a-w- C:\Windows\System32\drivers\Accelerometer.sys

2012-04-25 21:02:52 31000 ----a-w- C:\Windows\System32\hpservice.exe

2012-04-25 21:02:52 30488 ----a-w- C:\Windows\System32\drivers\hpdskflt.sys

2012-04-25 21:02:52 21272 ----a-w- C:\Windows\System32\accelerometerdll.DLL

2012-04-25 21:02:52 18200 ----a-w- C:\Windows\System32\HPMDPCoInst12.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-17 22:05:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 16:51:44.31 ===============

I don't know how to zip a file so (Attach)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/25/2011 7:55:37 AM

System Uptime: 7/15/2012 3:49:49 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1802

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU1 |

1980/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 579 GiB total, 487.691 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 1.845 GiB free.

E: is CDROM ()

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Loopback Adapter

Device ID: ROOT\NET\0000

Manufacturer: Microsoft

Name: Microsoft Loopback Adapter

PNP Device ID: ROOT\NET\0000

Service: msloop

.

==== System Restore Points ===================

.

RP171: 7/8/2012 1:02:35 AM - Windows Update

RP172: 7/11/2012 3:00:17 AM - Windows Update

RP173: 7/12/2012 1:19:09 AM - Windows Update

RP174: 7/12/2012 3:00:12 AM - Windows Update

RP175: 7/13/2012 3:00:14 AM - Windows Update

RP176: 7/14/2012 3:00:15 AM - Windows Update

RP177: 7/15/2012 4:19:33 PM - Removed Skype™ 5.10

RP178: 7/15/2012 4:20:29 PM - Removed Skype Click to Call

.

==== Hosts File Hijack ======================

.

Hosts: 216.239.32.20 www.google.ae # bck9

Hosts: 216.239.32.20 www.google.at # bck9

Hosts: 216.239.32.20 www.google.be # bck9

Hosts: 216.239.32.20 www.google.ca # bck9

Hosts: 216.239.32.20 www.google.ch # bck9

Hosts: 216.239.32.20 www.google.cl # bck9

Hosts: 216.239.32.20 www.google.co.il # bck9

Hosts: 216.239.32.20 www.google.co.in # bck9

Hosts: 216.239.32.20 www.google.co.jp # bck9

Hosts: 216.239.32.20 www.google.co.kr # bck9

Hosts: 216.239.32.20 www.google.co.nz # bck9

Hosts: 216.239.32.20 www.google.co.uk # bck9

Hosts: 216.239.32.20 www.google.co.ve # bck9

Hosts: 216.239.32.20 www.google.co.za # bck9

Hosts: 216.239.32.20 www.google.com # bck9

Hosts: 216.239.32.20 www.google.com.ar # bck9

Hosts: 216.239.32.20 www.google.com.au # bck9

Hosts: 216.239.32.20 www.google.com.br # bck9

Hosts: 216.239.32.20 www.google.com.co # bck9

Hosts: 216.239.32.20 www.google.com.gr # bck9

Hosts: 216.239.32.20 www.google.com.hk # bck9

Hosts: 216.239.32.20 www.google.com.mx # bck9

Hosts: 216.239.32.20 www.google.com.my # bck9

Hosts: 216.239.32.20 www.google.com.pe # bck9

Hosts: 216.239.32.20 www.google.com.ph # bck9

Hosts: 216.239.32.20 www.google.com.pk # bck9

Hosts: 216.239.32.20 www.google.com.sg # bck9

Hosts: 216.239.32.20 www.google.com.tr # bck9

Hosts: 216.239.32.20 www.google.com.tw # bck9

Hosts: 216.239.32.20 www.google.com.ua # bck9

Hosts: 216.239.32.20 www.google.de # bck9

Hosts: 216.239.32.20 www.google.dk # bck9

Hosts: 216.239.32.20 www.google.es # bck9

Hosts: 216.239.32.20 www.google.fi # bck9

Hosts: 216.239.32.20 www.google.fr # bck9

Hosts: 216.239.32.20 www.google.it # bck9

Hosts: 216.239.32.20 www.google.lt # bck9

Hosts: 216.239.32.20 www.google.lv # bck9

Hosts: 216.239.32.20 www.google.nl # bck9

Hosts: 216.239.32.20 www.google.pl # bck9

Hosts: 216.239.32.20 www.google.pt # bck9

Hosts: 216.239.32.20 www.google.ro # bck9

Hosts: 216.239.32.20 www.google.ru # bck9

.

==== Installed Programs ======================

.

µTorrent

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Flash Professional CS6

Adobe Help Manager

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.5

Alliance of Valiant Arms

Apple Application Support

Apple Software Update

Audacity 2.0

Bandisoft MPEG-1 Decoder

Bible360 [en-us]

CyberLink PowerDVD

CyberLink YouCam

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Energy Star Digital Logo

Epson Connect

Epson FAX Utility

EPSON Scan

EpsonNet Print

ESU for Microsoft Windows 7

Evernote v. 4.2.2

Fraps

Hewlett-Packard ACLM.NET v1.1.2.0

HP Connection Manager

HP Customer Experience Enhancements

HP Documentation

HP DVB-T TV Tuner 8.0.64.43

HP MovieStore

HP On Screen Display

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP SimplePass 2011

HP Software Framework

HP Support Assistant

IDT Audio

Intel® Control Center

Intel® Identity Protection Technology 1.2.22.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Kingdoms of Amalur Reckoning

LAME v3.99.3 (for Windows)

League of Legends

Malwarebytes Anti-Malware version 1.62.0.1300

MapleStory

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nexon Game Manager

Notepad++

Pando Media Booster

PDF Settings CS5

PDF Settings CS6

PlayReady PC Runtime x86

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

Renesas Electronics USB 3.0 Host Controller Driver

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile

(KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit

Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit

Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit

Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit

Edition

Steam

TeamViewer 7

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit

Edition

VIP Access SDK (1.1.0.4)

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

7/15/2012 4:14:57 PM, Error: Service Control Manager [7034] - The

Skype C2C Service service terminated unexpectedly. It has done this

1 time(s).

7/15/2012 4:11:49 PM, Error: Microsoft-Windows-DNS-Client [1012] -

There was an error while attempting to read the local hosts file.

7/14/2012 1:05:52 PM, Error: Service Control Manager [7031] - The

Windows Search service terminated unexpectedly. It has done this 1

time(s). The following corrective action will be taken in 30000

milliseconds: Restart the service.

7/14/2012 1:05:52 PM, Error: Service Control Manager [7024] - The

Windows Search service terminated with service-specific error %%-

1073473535.

7/11/2012 10:37:40 PM, Error: Service Control Manager [7011] - A

timeout (30000 milliseconds) was reached while waiting for a

transaction response from the TeamViewer7 service.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

-----------------------------------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.