bts scour/Google Search Redirect Malware


ObsBlk
Hello,

I previously responded to someone else's thread, which I now know is the incorrect procedure here. I want to make sure I follow the rules, so I'm starting my own post, even though I don't wish to have a new thread and a thread "bumped" by me. I don't want to come across as someone who is disrespectfully spamming this forum, so I wanted to explicitly state my purpose behind starting this thread (when I made the mistake of responding to a thread that was not mine already). Again, I'm really sorry for messing up earlier, and I'm going to be trying my hardest to follow any further instructions I receive the best I can.

Anyways, like many others my computer has managed to get infected with a Google search redirecting malware (which Malwarebytes hasn't been able to detect and fix). I'm not sure what other information will be helpful in assisting me, but please let me know what other information I can provide. I will post the DDS logfiles below.

Thank you so much in advance,

John

DDS

---------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by John Terbot at 17:14:07 on 2012-09-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.5660 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\CxAudMsg64.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\SAsrv.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe

C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://lenovo.msn.com

uDefault_Page_URL = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Symantec VIP Access Add-On: {c63cd127-a1cb-4d49-a4f7-d6f88a917be6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [Google Update] "C:\Users\John Terbot\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN25P5521Z05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -

AutoStart 1

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{3AD1CDC9-AB31-48FB-B4B4-35F73C59A9A9} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{3DD10257-90A8-4DED-BC94-5A9C23384560} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\16474777966696 : DhcpNameServer = 10.36.16.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\3424350275962756C6563737 : DhcpNameServer = 140.254.232.33 140.254.201.4 128.146.117.95

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\4416273786 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\47572726F6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\D4F6F6B696A4F6573756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\F43555D4340274575637470294E6475627E65647 : DhcpNameServer = 140.254.127.108

TCP: Interfaces\{980E39EC-F921-4AE8-8756-E46270938B1B}\F6375777962756C6563737 : DhcpNameServer = 128.146.1.7 128.146.48.7

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

BHO-X64: IEPlugin - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John Terbot\AppData\Roaming\Mozilla\Firefox\Profiles\n3ivstc2.default\

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John Terbot\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\John Terbot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\John Terbot\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\John Terbot\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-25 40808]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-12-29 45496]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-25 59240]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-25 2009704]

R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]

R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-8-25 446592]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-25 378472]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-29 114024]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-29 64440]

R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 BTHprint;Microsoft Bluetooth Printer Class;C:\Windows\system32\DRIVERS\bthprint.sys --> C:\Windows\system32\DRIVERS\bthprint.sys [?]

R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-26 116648]

S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-3 250056]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-25 477032]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-26 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-25 79208]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-17 20:30:15 -------- d-----w- C:\022190cde2cf097be06991

2012-09-13 18:30:58 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\HpUpdate

2012-09-13 18:30:55 778088 ------w- C:\Windows\System32\HPDiscoPMA511.dll

2012-09-13 18:30:29 -------- d-----w- C:\Program Files (x86)\HP

2012-09-13 18:29:30 -------- d-----w- C:\Program Files\HP

2012-09-13 18:24:05 -------- d-----w- C:\Users\John Terbot\AppData\Local\HP

2012-09-13 17:41:32 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-30 20:25:44 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2012-08-30 20:25:42 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-08-30 20:25:08 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\Macrovision

2012-08-29 17:30:34 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\MathWorks

2012-08-29 17:18:30 -------- d-----w- C:\Program Files\MATLAB

2012-08-29 17:10:08 -------- d-----w- C:\Windows\SysWow64\E177E04D548C4006A465EEB92D3DE021

2012-08-29 17:10:06 -------- d-----w- C:\Users\John Terbot\AppData\Local\Programs

2012-08-29 17:09:56 -------- d-----w- C:\Program Files (x86)\Minitab 15

2012-08-29 17:08:59 -------- d-----w- C:\Users\John Terbot\AppData\Local\Downloaded Installations

2012-08-29 16:45:10 -------- d-----w- C:\Program Files (x86)\MATLAB

2012-08-28 23:45:50 -------- d-----w- C:\Users\John Terbot\AppData\Roaming\LolClient

2012-08-28 23:13:35 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-08-28 23:13:35 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-08-28 23:13:34 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-08-28 23:10:09 -------- d-----w- C:\Riot Games

2012-08-28 21:54:36 -------- d-----w- C:\Program Files (x86)\League of legends

2012-08-28 21:45:44 -------- d-----w- C:\Users\John Terbot\AppData\Local\PMB Files

2012-08-28 21:45:43 -------- d-----w- C:\ProgramData\PMB Files

2012-08-28 21:45:28 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-08-26 16:34:52 -------- d-s---w- C:\Users\John Terbot\Google Drive

.

==================== Find3M ====================

.

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-16 18:35:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-16 18:35:37 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-22 01:12:58 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

.

============= FINISH: 17:14:55.21 ===============

Attach

--------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/8/2011 1:56:39 PM

System Uptime: 9/17/2012 4:22:33 PM (1 hours ago)

.

Motherboard: LENOVO | | 4177CTO

Processor: Intel® Core i7-2620M CPU @ 2.70GHz | CPU | 783/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 346 GiB total, 33.467 GiB free.

G: is CDROM (CDFS)

Q: is FIXED (NTFS) - 16 GiB total, 0.021 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}

_VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}

_VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}

_VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}

_VID&0001000F_PID&0000\8&A7F0BC1&0&8C541DD5C973_C00000000

Service:

.

==== System Restore Points ===================

.

RP151: 9/15/2012 4:11:08 AM - Scheduled Checkpoint

RP152: 9/17/2012 4:31:31 PM - Removed iTunes

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.0

Alarm

Apple Application Support

Apple Software Update

Aquaria

Audacity 1.3.13 (Unicode)

Audiosurf

Bing Bar

BioShock

Borderlands

Burn.Now 4.5

Character Builder

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Corel WinDVD

Create Recovery Media

D3DX10

Direct DiscRecorder

DivX Web Player

Dota 2

eLicenser Control

Fallout 3 - Game of the Year Edition

Goodnight Timer 1.1

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

HP Photosmart 6510 series Help

HP Update

Inside a Star-filled Sky

Integrated Camera Driver Installer Package Ver.1.1.0.1147

Integrated Camera TWAIN

Intel® Control Center

Intel® Identity Protection Technology 1.1.2.0

Intel® Processor Graphics

Java Auto Updater

Java 6 Update 31

JMP 9

JMPProfilerCoreSetup

JMPProfilerGUISetup

Junk Mail filter update

Jurassic Park Operation Genesis

Keyboard Synthesizer

League of Legends

Lenovo Registration

Lenovo User Guide

Lenovo Warranty Information

Lenovo Welcome

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.65.0.1400

Mesh Runtime

Message Center Plus

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Pandora's Box

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 4.0

Minitab 15 English

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Pharos

Portal

Portal 2

RapidBoot

RICOH_Media_Driver_v2.14.18.01

Roller Coaster Factory 3

S.T.A.L.K.E.R.: Shadow of Chernobyl

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Sequence

Skype™ 5.8

Songbird 1.10.1 (Build 2160)

Star Wars: Knights of the Old Republic

Steam

Systat 13 Manuals

System Update

Team Fortress 2

Terraria

The Wonderful End of the World

ThinkPad Power Manager

ThinkPad UltraNav Utility

ThinkPad Wireless LAN Adapter Software

Train Simulator 2012

TrueCrypt

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

VIPAccess

VLC media player 2.0.3

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

Zotero Standalone 3.0b3.2 (x86 en-US)

.

==== Event Viewer Messages From Past Week ========

.

9/17/2012 4:25:18 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

9/17/2012 4:25:10 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/17/2012 4:23:30 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

9/17/2012 4:23:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

9/17/2012 4:23:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/17/2012 3:26:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.

9/12/2012 11:46:46 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

9/11/2012 9:07:51 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy concerning P2P programs:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

What browsers are affected??

Next.........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


MrC,

I've uninstalled uTorrent; as far as I know I don't have any other P2P programs on my computer. Currently the only applications I have running are Firefox and Notepad (AFAIK).

The affected browsers are Firefox and Chrome. I don't use Internet Explorer often, but I checked it just now and it seemed to be unaffected.

RogueKillerLog

-----------------------

RogueKiller V8.0.3 [09/13/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : John Terbot [Admin rights]

Mode : Scan -- Date : 09/17/2012 17:52:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : 123KickIt (rundll32.exe "C:\Users\John Terbot\AppData\Local\Adobe\123KickIt\hgouukpe.dll",CreateInstance) -> FOUND

[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : 123KickIt (rundll32.exe "C:\Users\John Terbot\AppData\Local\Adobe\123KickIt\hgouukpe.dll",CreateInstance) -> FOUND

[RUN][BLACKLIST DLL] HKUS\S-1-5-21-3807770708-3084149573-1676260614-1000[...]\Run : 123KickIt (rundll32.exe "C:\Users\John Terbot\AppData\Local\Adobe\123KickIt\hgouukpe.dll",CreateInstance) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\John Terbot\AppData\Local\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\L --> FOUND

[ZeroAccess][FILE] @ : C:\Users\John Terbot\AppData\Local\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\John Terbot\AppData\Local\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\John Terbot\AppData\Local\{97f539d2-0759-e8f8-4ef1-74b5da168f15}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++

--- User ---

[MBR] 24e7da95c89d5734d26983bb845e360b

[BSP] b70a6705ceb45ec4c9da898ec92edefa : Linux MBR Code

Partition table:

0 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 763860992 | Size: 87960 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 371778 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

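Every indicator in the RogueKiller report above can be checked on a host directly, so here is an added triage script written for this page; it is not part of the thread and not RogueKiller's own code. It reads the UAC policy values, the Run keys of every loaded hive under HKEY_USERS (the log shows the same rundll32 value planted in the S-1-5-19 and S-1-5-20 service-account hives as well as the user's SID), CLSID InprocServer32 targets that point into a {GUID} folder under a profile, the {GUID}\@, U, L layout under C:\Windows\Installer and each profile's AppData\Local, the Desktop.ini files in the GAC directories, and whether the services ZeroAccess variants of this period were reported to delete still exist (a deleted BFE is what produces the 7003 "depends the following service: BFE" errors in the DDS log). The path shapes are generalised from the single instance in the log; the service list in step 5 is an assumption from public ZeroAccess write-ups, not something the log shows. The script only reports, it removes nothing, and it should be run from an elevated PowerShell.

```powershell
# Added triage script for this page; not part of the thread and not RogueKiller's code.
# Read-only: it reports indicators, it removes nothing. Run from an elevated PowerShell
# (the HKU service-account hives and C:\Windows\Installer are not readable otherwise).
# Matches are generalised from the RogueKiller log above; the service list in step 5 is
# an assumption drawn from public ZeroAccess write-ups, not from the log.

$findings = New-Object 'System.Collections.Generic.List[string]'
function Add-Finding([string]$Category, [string]$Detail) { $findings.Add("[$Category] $Detail") }

# 1. UAC policy. EnableLUA=0 with both ConsentPromptBehavior* values at 0 means every
#    process of an admin user is already elevated with no prompt; the log shows exactly that.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
    $val = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
    if ($val -eq 0) { Add-Finding 'UAC' "$name = 0" }
}

# 2. Run keys of every loaded hive under HKEY_USERS. The log shows the rundll32 value in
#    S-1-5-19 and S-1-5-20 (LocalService, NetworkService) as well as the user's own SID,
#    so checking HKCU alone would miss two of the three copies.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$runPattern = '(?i)rundll32(\.exe)?\s+"?[A-Z]:\\Users\\[^"]+\\AppData\\'
foreach ($hive in Get-ChildItem -Path 'HKU:\') {
    $runKey = "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSChildName, ...
        if ("$($p.Value)" -match $runPattern) {
            Add-Finding 'RUN' "$($hive.PSChildName) Run\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. COM hijack: an InprocServer32 default value that points into a {GUID} folder under a
#    profile's AppData\Local, as the '...\{97f539d2-...}\n.' entry in the log does.
$comPattern = '(?i)\\AppData\\Local\\\{[0-9a-f-]{36}\}\\'
foreach ($clsidRoot in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
    foreach ($clsid in Get-ChildItem -Path $clsidRoot -ErrorAction SilentlyContinue) {
        $inproc = Get-ItemProperty -Path "$($clsid.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
        if ($inproc -and ("$($inproc.'(default)')" -match $comPattern)) {
            Add-Finding 'COM' "$($clsid.PSChildName) InprocServer32 -> $($inproc.'(default)')"
        }
    }
}

# 4. File layout: a {GUID} directory holding '@', 'U' and 'L' under C:\Windows\Installer
#    and under each profile's AppData\Local, plus Desktop.ini dropped in the GAC directories.
foreach ($ini in "$env:windir\assembly\GAC_32\Desktop.ini", "$env:windir\assembly\GAC_64\Desktop.ini") {
    if (Test-Path -LiteralPath $ini) { Add-Finding 'FILE' "$ini present" }
}
$roots = @("$env:windir\Installer")
$roots += Get-ChildItem -Path "$env:SystemDrive\Users" -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } | ForEach-Object { "$($_.FullName)\AppData\Local" }
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
        ForEach-Object {
            $d = $_.FullName
            if ((Test-Path -LiteralPath "$d\@") -and (Test-Path -LiteralPath "$d\U") -and (Test-Path -LiteralPath "$d\L")) {
                Add-Finding 'FILE' "ZeroAccess layout (@, U, L) in $d"
            }
        }
}

# 5. Services ZeroAccess variants of this period were reported to delete (assumption, see
#    lead-in). A missing BFE is what produces the 7003 errors in the DDS Event Viewer section.
foreach ($svc in 'BFE', 'MpsSvc', 'wscsvc', 'WinDefend') {
    if (-not (Get-Service -Name $svc -ErrorAction SilentlyContinue)) { Add-Finding 'SVC' "$svc service not installed" }
}

if ($findings.Count -eq 0) { 'No ZeroAccess indicators found.' } else { $findings }
```

The CLSID walk in step 3 is the slow part (several thousand keys on a 64-bit Windows 7 box with both CLSID hives); everything else finishes in seconds. Findings from steps 1, 2 and 5 on a machine that nobody deliberately reconfigured are each strong on their own, because an ordinary installer does not zero EnableLUA or delete the Base Filtering Engine.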

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.