
Was being stopped accessing Malwarebytes



I seem to have fixed the above but my son's laptop will now not allow me to download any security system; it lets me download, then attempts to have me find a file to open them with. Any advice would be great, thanks!

Oh, I should say him and his little friend were looking at porn yesterday; I've been having problems since then! Such as not allowing other son on World of Warcraft (fixed), not allowing download of Malware (fixed), not allowing me to run Malware (fixed).

Porn blocker has now been ordered!

Thanks lots! My father will be very angry if we need to take this to a shop again, this is his 2nd laptop and he has been warned and warned about downloading and even LOOKING!

sorry about typos, bit stressed been "fixing" since 10.0-am


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


7 threats

trojan.keylog file c:\quoobox\quarantine\c\users\names\A

trojan.MSIL.ND3 file - Ditto

PUP.Bumble.In File c\usersboysnames\downloads\7zip-setup

PUP.ToolbarDo File c:\users\boysnames\dowloads\softonicCo

same x 3

Hijack.regedit Registry Value HKCU\SOFTWARE|Microsoft\windows\curr Value System Dir

Came off the scanner; nothing will move until I remove these, obviously.


S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-5 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-21 17:06:33 -------- d-----w- C:\Users\Dylan-liam\AppData\Roaming\Malwarebytes

2012-07-21 17:06:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-21 17:06:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-21 17:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-21 17:01:41 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-21 16:25:04 98816 ----a-w- C:\Windows\sed.exe

2012-07-21 16:25:04 256000 ----a-w- C:\Windows\PEV.exe

2012-07-21 16:25:04 208896 ----a-w- C:\Windows\MBR.exe

2012-07-21 13:09:16 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-21 12:59:47 -------- d-----w- C:\_OTL

2012-07-21 11:42:16 -------- d-----w- C:\VIPRERESCUE

2012-07-21 11:07:03 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2012-07-20 20:25:20 -------- d-----w- C:\Program Files (x86)\Internet Content Filter

2012-07-20 18:43:56 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\Facebook

2012-07-19 22:00:42 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\CyberLink

2012-07-19 20:33:10 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\{C889504A-00AE-4E8A-9D6F-DA0132BC3647}

2012-07-19 20:32:58 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\{5A1680F0-EE61-4FC6-A4AC-4A7AFEE565D4}

2012-07-13 21:29:08 -------- d-----w- C:\Program Files (x86)\GTA Code Creator V0.2

2012-07-13 20:29:50 -------- d-----w- C:\Users\Dylan-liam\AppData\Roaming\Unleashed Games

2012-07-08 18:27:23 -------- d-----w- C:\Windows\SysWow64\AGEIA

2012-07-08 18:26:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-06 15:12:24 386320 ----a-w- C:\Windows\System32\ICF.dll

2012-07-06 14:43:24 383248 ----a-w- C:\Windows\sediag.exe

2012-07-05 23:17:40 -------- d-----w- C:\Program Files (x86)\Research In Motion Limited

2012-07-05 23:17:40 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion

2012-06-28 16:26:19 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-28 15:10:32 -------- d-----w- C:\ProgramData\Blizzard Entertainment

.

==================== Find3M ====================

.

2012-07-21 16:44:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-21 16:44:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-28 16:26:02 687600 ----a-w- C:\Windows\SysWowcccccccc364\CmdLineExt_x64.dll

2012-06-04 14:07:26 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-04 14:07:26 839112 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-18 18:21:55 3993600 ----a-w- C:\Program Files (x86)\GUT5218.tmp

2012-05-09 20:35:21 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-09 13:16:01 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-05-06 18:35:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-04-29 13:02:01 1676 ----a-w- C:\Windows\System32\ASOROSet.bin

.

============= FINISH: 18:43:29.80 ===============

tricky this.....screen jumping around maybe just the laptop!


1) Disconnect pc from internet. If possible, unplug the connection to internet.

Then do this way of starting MBAM:

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press the Windows key, then start typing Malwarebytes in the text box, then select/click Malwarebytes Anti-Malware Chameleon

  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

IF you can not run MBAM:

Try to restart the system again. and .... As soon as it begins, tap & retap the F8 Function key on keyboard.

Then from the Advanced Boot Options, select Safe Mode with Networking

Use the Up / Down arrow keys on keyboard and select Safe Mode with Networking

Then have plenty of patience as Windows loads up. It may take 5 minutes or so.

Then once you are in Windows, get back to this forum and attach the log by first clicking "More reply Options" then look for the "attachment" links on the bottom left. You can attach the logs instead of copy and paste.


Sorry, I meant to take out that line ---for your case.

Yes, disconnect from internet and do as much as possible. Whatever MBAM tags, let it put it in Quarantine, otherwise, let it delete the items.

and let me know, if you have another (clean one though) pc available where you are.

by the way, give all details on the result of MBAM scan.


Blast, I just done the opposite, I will do it again. Here are results (I hope), thanks! Yes, horrid laptop I cannot work and pc and another laptop, I think!

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dylan-liam :: DYLAN-LIAM-PC [administrator]

Protection: Enabled

21/07/2012 19:59:53

mbam-log-2012-07-21 (19-59-53).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 313426

Time elapsed: 21 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft(1).exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft.exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_xpadder.exe (PUP.ToolbarDownloader) -> No action taken.

(end)


Latest log, and I ran through the 12 (all clear), then scanned and still I have these?

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dylan-liam :: DYLAN-LIAM-PC [administrator]

Protection: Enabled

21/07/2012 20:32:55

mbam-log-2012-07-21 (19-59-53).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 313804

Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft(1).exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft.exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (PUP.ToolbarDownloader) -> No action taken.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_xpadder.exe (PUP.ToolbarDownloader) -> No action taken.

(end)


I intended to tell you earlier, but doing it now: while I am helping you, do not download any tools nor run tools on your own.

Let me provide the guidance going forward.

IF SAS is running now, let it finish and then post the log.

Here's what I'd prefer that you do ---- do as much as possible of the following.

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

IF you already have DDS, then you do not need to do another download.

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Latest log is all it will allow.

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Content Filter\mfp.exe

C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bt.yahoo.com/

mStart Page = hxxp://home.sweetim.com/?crg=4.0003002

uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe

mRun: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iCF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"

StartupFolder: C:\Users\DYLAN-~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Windows\SYSWOW64\icf.dll

LSP: xfire_lsp_9028.dll

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{2D7D8AF6-A853-4524-8877-691811231CA5} : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{2D7D8AF6-A853-4524-8877-691811231CA5}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{2D7D8AF6-A853-4524-8877-691811231CA5}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23

Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Guard BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll

BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO-X64: SWEETIE - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll

TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe

mRun-x64: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

mRun-x64: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP

mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun-x64: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iCF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-4-30 571320]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 fpUpdateSvc;Family Protection Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2012-7-21 294672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]

R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-6-24 330240]

R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-30 63336]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-29 2314240]

R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe --> C:\Program Files (x86)\24x7Help\App24x7Svc.exe [?]

S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" --> C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-29 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 250056]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-6-4 135584]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-29 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-5 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-21 20:25:20 386320 ----a-w- C:\Windows\System32\ICF.dll

2012-07-21 20:25:10 420624 ----a-w- C:\Windows\System32\seinst.dll

2012-07-21 20:25:09 338192 ----a-w- C:\Windows\SysWow64\ICF.dll

2012-07-21 20:25:09 325392 ----a-w- C:\Windows\SysWow64\seinst.dll

2012-07-21 20:25:09 284432 ----a-w- C:\Windows\SERecat.exe

2012-07-21 18:00:45 -------- d-----w- C:\Users\Dylan-liam\AppData\Roaming\SUPERAntiSpyware.com

2012-07-21 18:00:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-21 18:00:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-07-21 17:06:33 -------- d-----w- C:\Users\Dylan-liam\AppData\Roaming\Malwarebytes

2012-07-21 17:06:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-21 17:06:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-21 17:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-21 17:01:41 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-21 16:25:04 98816 ----a-w- C:\Windows\sed.exe

2012-07-21 16:25:04 256000 ----a-w- C:\Windows\PEV.exe

2012-07-21 16:25:04 208896 ----a-w- C:\Windows\MBR.exe

2012-07-21 13:09:16 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-21 12:59:47 -------- d-----w- C:\_OTL

2012-07-21 11:42:16 -------- d-----w- C:\VIPRERESCUE

2012-07-21 11:07:03 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2012-07-20 20:25:20 -------- d-----w- C:\Program Files (x86)\Internet Content Filter

2012-07-20 18:43:56 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\Facebook

2012-07-19 22:00:42 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\CyberLink

2012-07-19 20:33:10 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\{C889504A-00AE-4E8A-9D6F-DA0132BC3647}

2012-07-19 20:32:58 -------- d-----w- C:\Users\Dylan-liam\AppData\Local\{5A1680F0-EE61-4FC6-A4AC-4A7AFEE565D4}

2012-07-13 21:29:08 -------- d-----w- C:\Program Files (x86)\GTA Code Creator V0.2

2012-07-13 20:29:50 -------- d-----w- C:\Users\Dylan-liam\AppData\Roaming\Unleashed Games

2012-07-08 18:27:23 -------- d-----w- C:\Windows\SysWow64\AGEIA

2012-07-08 18:26:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-06 14:43:24 383248 ----a-w- C:\Windows\sediag.exe

2012-07-05 23:17:40 -------- d-----w- C:\Program Files (x86)\Research In Motion Limited

2012-07-05 23:17:40 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion

2012-06-28 16:26:19 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-28 15:10:32 -------- d-----w- C:\ProgramData\Blizzard Entertainment

.

==================== Find3M ====================

.

2012-07-21 17:44:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-21 17:44:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-28 16:26:02 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-08 12:13:09 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2012-06-04 14:07:26 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-04 14:07:26 839112 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-18 18:21:55 3993600 ----a-w- C:\Program Files (x86)\GUT5218.tmp

2012-05-09 20:35:21 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-09 13:16:01 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-05-06 18:35:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-04-29 13:02:01 1676 ----a-w- C:\Windows\System32\ASOROSet.bin

.

============= FINISH: 22:01:14.49 ===============


You managed to run DDS, which is good.

Please make a note: the last report (while a much better copy than the 1st) still missed some lines.

So, from here forward, when using NOTEPAD to view any log, once you have a log Opened....then do this ...

press & hold CTRL control-key & then tap A {this will select all lines in a file}

then

press & hold CTRL control-key & then tap C key {this will Copy all lines in a file to system clipboard}

then you go to the forum topic, when you have a reply-box --- do a single click on the white-space in box, and then

press & hold CTRL control-key & then tap V key {this will Paste the lines }.

When you next have a chance, do this next task:

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: DNSFix -- Date: 07/22/2012 11:45:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt

there are 7 of these?


RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: DNSFix -- Date: 07/22/2012 11:45:09

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

2nd one - please also note nothing is saving just running

3rd one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: Scan -- Date: 07/22/2012 11:45:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5076GSX +++++

--- User ---

[MBR] 6a7e11687ca14d7af9f10cfbe8203d17

[bSP] 10156bb398fe4131e44b5c8112c00ded : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4198400 | Size: 474889 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

4th one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: HOSTSFix -- Date: 07/22/2012 11:45:32

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤

127.0.0.1 localhost

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

5th one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: HOSTSFix -- Date: 07/22/2012 11:45:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤

127.0.0.1 localhost

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

6th one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: DNSFix -- Date: 07/22/2012 11:45:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[7].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt

7th one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: DNSFix -- Date: 07/22/2012 11:45:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[7].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt

8th one

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dylan-liam [Admin rights]

Mode: DNSFix -- Date: 07/22/2012 11:45:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

voila! thank you


latest malware results

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dylan-liam :: DYLAN-LIAM-PC [administrator]

Protection: Enabled

22/07/2012 12:24:06

mbam-log-2012-07-22 (12-24-06).txt

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 315209

Time elapsed: 20 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft(1).exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_minecraft.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_windows-live-messenger.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

C:\Users\Dylan-liam\Downloads\SoftonicDownloader_for_xpadder.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

C:\Users\Dylan-liam\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)


These reports were all there after I finished running it.

Current situation with laptop is it is running fine but will not allow me to download McAfee as it asks for the internet settings to be checked.

It will not save anything I download, even RogueKiller, it just advises this could be harmful and would I like to run it and has these 4 trojans on it.


This topic is now closed to further replies.