
After scanning with Malwarebytes, Microsoft Office got corrupted. Please help



I have scanned with Malwarebytes Anti-Malware software and now none of the Office files (Excel, MS Word, PPT) are able to open.

When I click on a Word doc I am getting the message "There is not enough memory or disk space to run Word".

The most recent log is given below.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.15.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Samuael :: SAMUAEL-PC [administrator]

15/12/2012 9:20:02 PM

mbam-log-2012-12-15 (21-20-02).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 473969

Time elapsed: 1 hour(s), 7 minute(s), 56 second(s)

Memory Processes Detected: 2

C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe (PUP.Tuto4PC) -> 716 -> Delete on reboot.

C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe (Trojan.EORezo) -> 3576 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKLM\SOFTWARE\Tuto4pc (PUP.Tuto4PC) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Tuto4pc (Trojan.EORezo) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tuto4pc_is1 (PUP.Tuto4PC) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UpdateTutorialsHP (PUP.Tuto4PC) -> Data: C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe -runonce -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tutorials (Trojan.EORezo) -> Data: "C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 19

C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe (PUP.Tuto4PC) -> Delete on reboot.

C:\ProgramData\Net Protector\Npbkp\ecfc2fd1e8b051f0ad0660abf2a74fa3_287008.npb (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

C:\Users\Samuael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\26cdc025-1c2c5427 (Trojan.LameShield) -> Quarantined and deleted successfully.

C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnic.exe (PUP.Tuto4PC) -> Quarantined and deleted successfully.

E:\virto2.exe (Trojan.Dropper) -> Delete on reboot.

E:\Generic Host Process\GHP3.exe (Trojan.Agent) -> Delete on reboot.

E:\Generic Host Process\NPORT.EXE (Spyware.Banker) -> Delete on reboot.

E:\Generic Host Process\ghp2.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\Cleansvc.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\GHP3.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\cln_sysvol.exe (Trojan.Vilsel) -> Delete on reboot.

E:\_ Utilities\getlic.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\nport.exe (Spyware.Banker) -> Delete on reboot.

E:\_ Utilities\oavserv.exe (Trojan.KillAV) -> Delete on reboot.

E:\_ Utilities\react.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\regwiz.exe (Trojan.Agent) -> Delete on reboot.

E:\_ Utilities\updateset.exe (Trojan.Agent) -> Delete on reboot.

E:\kido\ghp2.exe (Trojan.Agent) -> Delete on reboot.

C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe (Trojan.EORezo) -> Delete on reboot.

(end)

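Added example, not part of the original post and not Malwarebytes code: a small Python parser for the Malwarebytes Anti-Malware 1.x log layout shown in the post above. It turns the `<target> (<Detection>) -> ... -> <action>.` item lines into records, lists the Run/RunOnce autostart values the infection used for persistence, lists what is still pending "Delete on reboot" (those files remain on disk until the machine is actually restarted), and checks each "Detected: N" header against the number of items parsed under it, which catches a log that was truncated when it was pasted. The sample input is an excerpt of the log above with the section counts reduced to match the excerpt; the record field names and helper names are this example's own choices.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log into structured detection records.

Added example (not Malwarebytes code). Field and helper names are this example's
own choices; the line layout follows the log posted in the thread.
"""
import re
from collections import Counter

# Excerpt of the MBAM 1.65 log from the post above; section counts trimmed to the excerpt.
SAMPLE_LOG = r"""
Memory Processes Detected: 2
C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe (PUP.Tuto4PC) -> 716 -> Delete on reboot.
C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe (Trojan.EORezo) -> 3576 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Tuto4pc (PUP.Tuto4PC) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UpdateTutorialsHP (PUP.Tuto4PC) -> Data: C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe -runonce -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tutorials (Trojan.EORezo) -> Data: "C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe" -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Samuael\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTyutoriyalaStnicHP.exe (PUP.Tuto4PC) -> Delete on reboot.
E:\_ Utilities\nport.exe (Spyware.Banker) -> Delete on reboot.
C:\Program Files (x86)\Tuto4pc\tyutoriyala.exe (Trojan.EORezo) -> Delete on reboot.
(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Paths may contain parentheses ("Program Files (x86)"); the greedy target plus the
# mandatory " -> " right after the closing paren pins the detection name correctly.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<chain>.+)$")
AUTOSTART_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)$",
                              re.IGNORECASE)


def parse_mbam_log(text):
    """Return one dict per detected item, tagged with the 'X Detected:' section it sits in."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group("section")
            continue
        item = ITEM_RE.match(line)
        if item is None or section is None:
            continue  # scan-settings header, "(No malicious items detected)", "(end)"
        parts = [p.strip() for p in item.group("chain").split(" -> ")]
        rec = {"section": section, "target": item.group("target"),
               "detection": item.group("detection"), "action": parts[-1].rstrip("."),
               "pid": None, "data": None, "key": None, "value_name": None}
        for part in parts[:-1]:  # optional middle fields: a PID, or the registry value's data
            if part.isdigit():
                rec["pid"] = int(part)
            elif part.startswith("Data: "):
                rec["data"] = part[len("Data: "):].strip('"')
        if section == "Registry Values" and "|" in rec["target"]:
            rec["key"], rec["value_name"] = rec["target"].rsplit("|", 1)
        records.append(rec)
    return records


def persistence_entries(records):
    """(key, value name, launched command) for values under the Run/RunOnce autostart keys."""
    return [(r["key"], r["value_name"], r["data"])
            for r in records if r["key"] and AUTOSTART_KEY_RE.search(r["key"])]


def pending_reboot(records):
    """Targets MBAM could not remove immediately; they are still present until the reboot."""
    return sorted({r["target"] for r in records if r["action"] == "Delete on reboot"})


def summarize(records):
    """Item counts per log section and per detection name."""
    return {"by_section": Counter(r["section"] for r in records),
            "by_detection": Counter(r["detection"] for r in records)}


def section_count_mismatches(text):
    """{section: (declared, parsed)} for every header whose count disagrees with the items
    actually found under it; a mismatch usually means the log was truncated when pasted."""
    declared = {m.group("section"): int(m.group("count"))
                for m in (SECTION_RE.match(l.strip()) for l in text.splitlines()) if m}
    parsed = Counter(r["section"] for r in parse_mbam_log(text))
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items() if parsed.get(s, 0) != n}


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    for key, name, cmd in persistence_entries(recs):
        print(f"autostart {key}\\{name} -> {cmd}")
    print("still present until reboot:", *pending_reboot(recs), sep="\n  ")
    print("detections:", dict(summarize(recs)["by_detection"]))
    print("count mismatches:", section_count_mismatches(SAMPLE_LOG))
```

Run it on a full log by replacing `SAMPLE_LOG` with the file's contents; the same path appearing under both "Memory Processes" and "Files" with "Delete on reboot" is the normal pattern for a running executable, and `pending_reboot` collapses those duplicates so the list reads as what is still on disk.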

Hello mathsamuel and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thanks Maniac for helping me to solve this issue.

Currently on my PC none of the Office files (Excel, MS Word, PPT) are opening. Also I am not able to reinstall/recover previous versions of MS Word/PDF files.

As per the instructions, the mentioned logs are given below.

****************************************************************************************************************************************************************************************

Attach.txt

****************************************************************************************************************************************************************************************

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/12/2009 6:34:25 AM

System Uptime: 16/12/2012 8:58:39 PM (2 hours ago)

.

Motherboard: Quanta | | 3627

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 240 GiB total, 102.084 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 2.131 GiB free.

E: is CDROM ()

F: is FIXED (exFAT) - 213 GiB total, 71.472 GiB free.

G: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP366: 11/11/2012 7:23:47 PM - Scheduled Checkpoint

RP367: 20/11/2012 10:06:36 PM - Scheduled Checkpoint

RP368: 27/11/2012 10:09:56 PM - Scheduled Checkpoint

RP369: 05/12/2012 1:07:36 PM - Scheduled Checkpoint

RP370: 12/12/2012 5:43:48 PM - Removed Net Protector 2010

RP371: 12/12/2012 5:44:56 PM - Removed Net Protector 2010

RP372: 13/12/2012 12:44:52 PM - Installed Adobe Reader 9.1 MUI.

RP373: 13/12/2012 12:47:24 PM - Installed Adobe Reader 9.1 MUI.

RP380: 15/12/2012 8:11:49 AM - Installed Microsoft Works

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1ClickDownloader

AC3Filter (remove only)

Acrobat.com

Activate Norton Online Backup

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX 64-bit

Adobe Reader 9.2 MUI

Ask Toolbar

Babylon toolbar on IE

Broadcom 802.11 Wireless LAN Adapter

Canon DIGITAL CAMERA Solution Disk Software Guide

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow Launcher

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Choice Guard

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

DAT TO AVI CONVERTER version 3.2.0.1

DFX for Winamp

Download Updater (AOL LLC)

DriverAgent by eSupport.com

eMusic - 50 Free MP3 offer

ENE CIR Receiver Driver

Facebook Messenger 2.1.4651.0

Facebook Video Calling 1.2.0.287

ffdshow v1.1.3516 [2010-07-25]

Google Chrome

Google Earth Plug-in

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart DVD

HP MediaSmart Internet TV

HP MediaSmart Live TV

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SlingPlayer

HP MediaSmart Software Notebook Demo

HP MediaSmart Webcam

HP Quick Launch Buttons

HP Setup

HP Smart Web Printing

HP Support Assistant

HP Update

HP User Guides 0154

HP Wireless Assistant

IDT Audio

Intel® Graphics Media Accelerator Driver

Internet Explorer Toolbar 4.6 by SweetPacks

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

LabelPrint

LightScribe System Software

Macromedia Dreamweaver 8

Macromedia Extension Manager

magicJack

Malwarebytes Anti-Malware version 1.65.1.1000

Max Payne 2

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 60 day trial

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox (3.5)

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Net Protector 2010

Nokia Connectivity Cable Driver

Nokia Lifeblog 2.1

Nokia MTP driver

Nokia N73 highlights

Nokia Nseries Skin for Microsoft Windows Media Player

Nokia PC Suite

Nokia themes for your device

PC Connectivity Solution

Picasa 2

Power2Go

PowerDirector

PowerRecover

QLBCASL

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Reliance Netconnect+

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Click to Call

Skype™ 6.0

SlingBoxWatchYourTVAnyWhere

soapUI 4.5.0 4.5.0

SweetIM for Messenger 3.7

Synaptics Pointing Device Driver

Tata Photon+

Uninstall AOL Emergency Connect Utility 1.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update Manager for SweetPacks 1.0

Veoh Giraffic Video Accelerator

Veoh Video Compass

Viewpoint Media Player

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 1.0.3

WampServer 2.0

Winamp (remove only)

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

16/12/2012 9:00:06 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\mchInjDrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

16/12/2012 9:00:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.

16/12/2012 9:00:01 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/12/2012 1:07:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.

16/12/2012 1:07:55 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/12/2012 1:07:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

13/12/2012 2:10:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuestService Service service to connect.

12/12/2012 4:45:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Zero-V AntiVirus Protection service to connect.

12/12/2012 4:45:12 PM, Error: Service Control Manager [7000] - The Zero-V AntiVirus Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/12/2012 4:45:08 PM, Error: Service Control Manager [7000] - The SFilter service failed to start due to the following error: The system cannot find the file specified.

12/12/2012 4:44:52 PM, Error: Service Control Manager [7000] - The NPAV Application Control service failed to start due to the following error: The system cannot find the file specified.

12/12/2012 3:38:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/12/2012 3:38:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/12/2012 3:38:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/12/2012 3:38:22 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

12/12/2012 3:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/12/2012 3:38:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

12/12/2012 3:29:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NPPORT64

12/12/2012 3:28:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net Protector Port Firewall service to connect.

12/12/2012 3:28:41 PM, Error: Service Control Manager [7000] - The Net Protector Port Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/12/2012 2:19:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NPPORT64 spldr Wanarpv6

12/12/2012 10:24:13 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

10/12/2012 12:24:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

10/12/2012 12:24:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

10/12/2012 12:24:35 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/12/2012 12:24:35 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Veoh Giraffic Video Accelerator service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The UDisk Monitor service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The NPAV Antivirus Protection service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Network Web Monitor service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Net Protector Port Firewall service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 12:23:29 PM, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).

09/12/2012 9:54:36 PM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

09/12/2012 9:54:36 PM, Error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).

09/12/2012 9:54:36 PM, Error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).

09/12/2012 9:54:36 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

09/12/2012 9:44:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: luafv

09/12/2012 9:32:26 AM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259

09/12/2012 10:38:07 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll

09/12/2012 10:17:51 PM, Error: Service Control Manager [7034] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 4 time(s).

09/12/2012 10:15:22 PM, Error: Service Control Manager [7034] - The Software Protection service terminated unexpectedly. It has done this 3 time(s).

09/12/2012 10:14:50 PM, Error: Service Control Manager [7034] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 3 time(s).

09/12/2012 10:12:51 PM, Error: Service Control Manager [7031] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

09/12/2012 10:12:50 PM, Error: Service Control Manager [7031] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

09/12/2012 10:12:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Block Level Backup Engine Service service to connect.

09/12/2012 10:12:48 PM, Error: Service Control Manager [7000] - The Block Level Backup Engine Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09/12/2012 10:12:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wbengine with arguments "" in order to run the server: {37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}

09/12/2012 10:10:22 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

09/12/2012 10:08:22 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

.

==== End Of File ===========================

*******************************************************************************************************************************************************************************************************************************

DDS.txt

*******************************************************************************************************************************************************************************************************************************

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Samuael at 22:18:19 on 2012-12-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2479 [GMT 5.5:30]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Web Secure\svcsec.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Samuael\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Samuael\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

C:\Program Files (x86)\Tata Photon+\Huawei\Tata Photon+.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={22AAD683-E3A9-11E1-BDE8-E40789CDEB5D}

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -

TB: Veoh Video Compass: {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [googletalk] C:\Users\Samuael\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

uRun: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe

uRun: [cdloader] "C:\Users\Samuael\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [Facebook Update] "C:\Users\Samuael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Mobile Partner] "C:\Program Files (x86)\Tata Photon+\Huawei\Tata Photon+.exe"

uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

uRun: [Google Update] "C:\Users\Samuael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [NPAV4] "C:\PROGRA~2\NETPRO~1\NPAV4.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

StartupFolder: C:\Users\Samuael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:1

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: cscdil - wlnotfy.dll

Notify: NPLogon - NPlogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Samuael\AppData\Roaming\Mozilla\Firefox\Profiles\r5c906mx.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=112212

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=112212&q=

FF - component: C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Samuael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Samuael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: QuestService: {AAF6454A-4000-4015-84C1-6CD844C06B19} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync

FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

.

---- FIREFOX POLICIES ----

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - e656bab8-ceb8-48a5-a144-5a2e1276cd16

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-25 89600]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-9 30520]

R2 Network Web Monitor;Network Web Monitor;C:\Program Files (x86)\Web Secure\svcsec.exe [2010-12-12 258048]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 UDisk Monitor;UDisk Monitor;C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-11-12 405504]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-7-12 114304]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]

S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-12-5 95416]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-12-13 21712]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-25 216576]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-25 233472]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2011-12-5 203320]

S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2011-12-5 203320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-30 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]

S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2011-11-12 120704]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\ztemtusbser.sys [2010-2-21 118784]

.

=============== File Associations ===============

.

FileExt: .scr: scrfile="%1" %*

.

=============== Created Last 30 ================

.

2012-12-13 18:29:15 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-12-13 18:29:15 -------- d-----w- C:\Users\Samuael\AppData\Local\eSupport.com

2012-12-12 06:59:02 -------- d-----w- C:\Users\Samuael\AppData\Roaming\Malwarebytes

2012-12-12 06:58:35 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-12 06:58:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-12 06:58:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-09 16:23:31 -------- d-----w- C:\ProgramData\C4EC4F14FE28194C0000C4EB8A301FF8

2012-11-22 05:30:31 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M ====================

.

.

============= FINISH: 22:19:11.42 ===============

******************************************************************************************************************************************************************************************************************************


Let's first clean your system.

Step 1

Please uninstall the following applications:

Ask Toolbar

Babylon toolbar on IE

Internet Explorer Toolbar 4.6 by SweetPacks

Viewpoint Media Player

Yontoo 1.10.02

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log


Thanks, Maniac, for the good support.

As per the instructions, the logs mentioned are given below.

****************************************************************************************************************************************************************************************

Junkware Removal Tool log

****************************************************************************************************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.1.7 (12.16.2012:1)

OS: Windows 7 Home Premium x64

Ran by Samuael on 17/12/2012 at 23:20:45.67

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\iminent

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnu.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctl.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axmetastream.metastreamctlsecondary.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdate

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{abd3b5e1-b268-407b-a150-2641dab8d898}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{abd3b5e1-b268-407b-a150-2641dab8d898}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"

Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"

Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\sweetim"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Samuael\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Samuael\AppData\Roaming\tuto4pc"

Successfully deleted: [Folder] "C:\Users\Samuael\appdata\local\babylon"

Successfully deleted: [Folder] "C:\Users\Samuael\appdata\locallow\automated content enhancer"

Successfully deleted: [Folder] "C:\Users\Samuael\appdata\locallow\textual content provider"

Successfully deleted: [Folder] "C:\Users\Samuael\appdata\locallow\web search operator"

Successfully deleted: [Folder] "C:\Program Files (x86)\babylontoolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"

Successfully deleted: [Folder] "C:\Program Files (x86)\tuto4pc"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"

Successfully deleted: [Folder] "C:\ProgramData\ask"

Successfully deleted: [Folder] "C:\Users\Samuael\appdata\locallow\asktoolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

~~~ FireFox

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\user.js

Successfully deleted: [File] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\searchplugins\sweetim.xml

Successfully deleted: [Folder] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\extensions\oneclickdownload@oneclickdownload.com

Successfully deleted: [Folder] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

Successfully deleted: [Folder] C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}

Successfully deleted the following from C:\Users\Samuael\AppData\Roaming\mozilla\firefox\profiles\r5c906mx.default\prefs.js

user_pref("aol_toolbar.buttons.layout", "aol_mail;weather_4982;shoutcast_radio_5302;ebay_5016;");

user_pref("aol_toolbar.firsttime.showwindow", false);

user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.3");

user_pref("aol_toolbar.metrics.activestampdate", "12");

user_pref("aol_toolbar.metrics.activestampmonth", "5");

user_pref("aol_toolbar.metrics.activestampyear", "2012");

user_pref("aol_toolbar.metrics.originalDate", "24");

user_pref("aol_toolbar.metrics.originalHours", "24");

user_pref("aol_toolbar.metrics.originalMinutes", "47");

user_pref("aol_toolbar.metrics.originalMonth", "7");

user_pref("aol_toolbar.metrics.originalSeconds", "20");

user_pref("aol_toolbar.metrics.originalYear", "2011");

user_pref("aol_toolbar.search.populateoncomplete", false);

user_pref("aol_toolbar.search.searchtype", "web");

user_pref("aol_toolbar.search.source", "tb50ffTB50CL");

user_pref("aol_toolbar.surf.date", "18");

user_pref("aol_toolbar.surf.lastDate", "12");

user_pref("aol_toolbar.surf.lastMonth", "5");

user_pref("aol_toolbar.surf.lastYear", "2012");

user_pref("aol_toolbar.surf.mURL", "");

user_pref("aol_toolbar.surf.mURLh", "0");

user_pref("aol_toolbar.surf.mURLw", "0");

user_pref("aol_toolbar.surf.mURLx", "0");

user_pref("aol_toolbar.surf.mURLy", "0");

user_pref("aol_toolbar.surf.milestone", "-1");

user_pref("aol_toolbar.surf.month", "18");

user_pref("aol_toolbar.surf.prevMonth", "59");

user_pref("aol_toolbar.surf.show", true);

user_pref("aol_toolbar.surf.total", "359");

user_pref("aol_toolbar.surf.week", "18");

user_pref("aol_toolbar.surf.year", "76");

user_pref("aol_toolbar.upgrade.showwindow", false);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.babExt", "");

user_pref("extensions.BabylonToolbar.babTrack", "affID=100888");

user_pref("extensions.BabylonToolbar.bbDpng", 12);

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.dfltSrch", false);

user_pref("extensions.BabylonToolbar.hmpg", false);

user_pref("extensions.BabylonToolbar.id", "c4e4194c000000000000000000000000");

user_pref("extensions.BabylonToolbar.instlDay", "15397");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.lastDP", 12);

user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.179:04:28");

user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5");

user_pref("extensions.BabylonToolbar.newTab", true);

user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_bb");

user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.propectorlck", 78085033);

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.ptch_0717", true);

user_pref("extensions.BabylonToolbar.smplGrp", "none");

user_pref("extensions.BabylonToolbar.srcExt", "ss");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.179:04:28");

user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100888");

user_pref("extensions.BabylonToolbar_i.hardId", "c4e4194c000000000000000000000000");

user_pref("extensions.BabylonToolbar_i.id", "c4e4194c000000000000000000000000");

user_pref("extensions.BabylonToolbar_i.instlDay", "15397");

user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:04:28");

user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

user_pref("extensions.enabledItems", "{8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290,{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.3,{E889F097-B0BE-471B-89AD-B86B6F04B506}:

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://www.theprizeday.com/today.php|http://www.aol.com");

user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000.10011&barid={22AAD683-E3A9-11E1-BDE8-E40789CDEB5D}");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AOL Search");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");

user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=");

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/12/2012 at 23:28:20.65

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*********************************************************************************************************************************************************************************************************************************

Malwarebytes Anti-Rootkit log

*********************************************************************************************************************************************************************************************************************************

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.194000 GHz

Memory total: 4193452032, free: 2587037696

------------ Kernel report ------------

12/17/2012 23:40:04

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\isapnp.sys

\SystemRoot\system32\drivers\mpio.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\aliide.sys

\SystemRoot\system32\drivers\amdide.sys

\SystemRoot\system32\drivers\cmdide.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\msdsm.sys

\SystemRoot\system32\drivers\nvraid.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\viaide.sys

\SystemRoot\system32\drivers\iaStorV.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\lsi_sas.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\HpSAMD.sys

\SystemRoot\system32\DRIVERS\adp94xx.sys

\SystemRoot\system32\DRIVERS\adpahci.sys

\SystemRoot\system32\DRIVERS\adpu320.sys

\SystemRoot\system32\drivers\amdsata.sys

\SystemRoot\system32\DRIVERS\amdsbs.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\DRIVERS\arc.sys

\SystemRoot\system32\DRIVERS\arcsas.sys

\SystemRoot\system32\DRIVERS\elxstor.sys

\SystemRoot\system32\DRIVERS\iirsp.sys

\SystemRoot\system32\DRIVERS\lsi_fc.sys

\SystemRoot\system32\DRIVERS\lsi_sas2.sys

\SystemRoot\system32\DRIVERS\lsi_scsi.sys

\SystemRoot\system32\DRIVERS\megasas.sys

\SystemRoot\system32\DRIVERS\MegaSR.sys

\SystemRoot\system32\DRIVERS\nfrd960.sys

\SystemRoot\system32\drivers\nvstor.sys

\SystemRoot\system32\DRIVERS\ql2300.sys

\SystemRoot\system32\DRIVERS\ql40xx.sys

\SystemRoot\system32\DRIVERS\SiSRaid2.sys

\SystemRoot\system32\DRIVERS\sisraid4.sys

\SystemRoot\system32\DRIVERS\stexstor.sys

\SystemRoot\system32\DRIVERS\vsmraid.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\drivers\sbp2port.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\system32\DRIVERS\hpdskflt.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\usbuhci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\DRIVERS\enecir.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\Accelerometer.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\circlass.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\drivers\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\IntcHdmi.sys

\SystemRoot\system32\DRIVERS\hidir.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\drivers\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\exfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\ewusbdev.sys

\SystemRoot\system32\DRIVERS\ewusbmdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80049f9510

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000b5\

Lower Device Object: 0xfffffa80049f7780

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004c0b560

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8004ad11f0

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.12.17.08

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004c0b560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004c0b090, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004c0b560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004c04a80, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa8004adf520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004ad11f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00cb14880, 0xfffffa8004c0b560, 0xfffffa800442c470

Lower DeviceData: 0xfffff8a00fe698c0, 0xfffffa8004ad11f0, 0xfffffa80064a0cf0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 2169E425

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 503810048

Partition 2 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 504219648 Numsec = 445786112

Partition 3 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 950005760 Numsec = 26765312

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa80049f9510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049f4040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80049f9510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80049f7780, DeviceName: \Device\000000b5\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Read File: File "C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\instance.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\Setup.dat" is compressed (flags = 1)

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

Java version: 1.6.0_29

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.194000 GHz

Memory total: 4193452032, free: 2753482752

------------ Kernel report ------------

12/18/2012 00:07:42

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80049f9510

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000b5\

Lower Device Object: 0xfffffa80049f7780

Lower Device Driver Name: \Driver\USBSTOR\

Device already Exists: 0xfffffa80042be680

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004c0b560

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8004ad11f0

Lower Device Driver Name: \Driver\atapi\

Device already Exists: 0xfffffa80064a0cf0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004c0b560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004c0b090, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004c0b560, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004c04a80, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xfffffa8004adf520, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004ad11f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a003095dd0, 0xfffffa8004c0b560, 0xfffffa800442c470

Lower DeviceData: 0xfffff8a00fb5f6e0, 0xfffffa8004ad11f0, 0xfffffa80064a0cf0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 2169E425

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 503810048

Partition 2 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 504219648 Numsec = 445786112

Partition 3 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 950005760 Numsec = 26765312

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa80049f9510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80049f4040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80049f9510, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80049f7780, DeviceName: \Device\000000b5\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Read File: File "C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\instance.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{10082F3C-B86A-4738-926E-9FF50850E795}\Setup.dat" is compressed (flags = 1)

Done!

Scan finished

*******************************************************************************************************************************************************************************************************************************

DDS log

********************************************************************************************************************************************************************************************************************************

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Samuael at 0:25:57 on 2012-12-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2495 [GMT 5.5:30]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Web Secure\svcsec.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Samuael\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Tata Photon+\Huawei\Tata Photon+.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Samuael\Desktop\Forum_antivirus_Suggestion\Sug2\mbar\mbar.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uSearchAssistant = hxxp://www.google.com/ie

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -

TB: Veoh Video Compass: {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [googletalk] C:\Users\Samuael\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

uRun: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe

uRun: [Facebook Update] "C:\Users\Samuael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [Mobile Partner] "C:\Program Files (x86)\Tata Photon+\Huawei\Tata Photon+.exe"

uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

uRun: [Google Update] "C:\Users\Samuael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [NPAV4] "C:\PROGRA~2\NETPRO~1\NPAV4.exe"

mRunOnce: [Z1] C:\Users\Samuael\Desktop\Forum_antivirus_Suggestion\Sug2\mbar\mbar.exe /cleanup /s

StartupFolder: C:\Users\Samuael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:1

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: Interfaces\{59539C22-14B6-454A-AF1A-453717E44AED} : NameServer = 121.242.190.181 121.242.190.210

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: cscdil - wlnotfy.dll

Notify: NPLogon - NPlogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Samuael\AppData\Roaming\Mozilla\Firefox\Profiles\r5c906mx.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=112212

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=112212&q=

FF - component: C:\Program Files (x86)\Customized Platform Advancer\4.1.0.1960\FF\components\CPAFFAddOn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: C:\Program Files (x86)\Web Search Operator\4.1.0.2080\FF\components\WSOFFAddOn.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Samuael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Samuael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Samuael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-25 89600]

R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-9 30520]

R2 Network Web Monitor;Network Web Monitor;C:\Program Files (x86)\Web Secure\svcsec.exe [2010-12-12 258048]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 UDisk Monitor;UDisk Monitor;C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe [2011-11-12 405504]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]

R3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\System32\drivers\ewusbdev.sys [2010-7-12 114304]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]

R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-12-18 36680]

R3 mbamswissarmy;mbamswissarmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2012-12-18 150640]

S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2011-12-5 95416]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-12-13 21712]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-25 216576]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-25 233472]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2011-12-5 203320]

S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2011-12-5 203320]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-22 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-30 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-11 389120]

S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2011-11-12 120704]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\ztemtusbser.sys [2010-2-21 118784]

.

=============== File Associations ===============

.

FileExt: .scr: scrfile="%1" %*

.

=============== Created Last 30 ================

.

2012-12-17 18:37:41 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-12-17 18:37:41 150640 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

2012-12-17 17:50:42 -------- d-----w- C:\Windows\ERUNT

2012-12-17 17:49:26 -------- d-----w- C:\JRT

2012-12-13 18:29:15 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-12-13 18:29:15 -------- d-----w- C:\Users\Samuael\AppData\Local\eSupport.com

2012-12-12 06:59:02 -------- d-----w- C:\Users\Samuael\AppData\Roaming\Malwarebytes

2012-12-12 06:58:35 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-12 06:58:34 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-12 06:58:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-09 16:23:31 -------- d-----w- C:\ProgramData\C4EC4F14FE28194C0000C4EB8A301FF8

2012-11-22 05:30:31 -------- d-----r- C:\Program Files (x86)\Skype

.

==================== Find3M ====================

.

.

============= FINISH: 0:26:36.38 ===============

***************************************************************************************************************************************************************************************************************************************************

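An added triage helper, not part of this thread and not a Malwarebytes or DDS tool, written against the line formats visible in the log above. It pulls out the autorun entries (uRun/mRun/mRunOnce/x64-Run), flags BHO and toolbar entries that no longer point at a DLL, and checks the Policies lines. Two values in this log matter more than the leftover toolbars: ConsentPromptBehaviorAdmin = 0 together with PromptOnSecureDesktop = 0 means an administrator account elevates silently, with no secure-desktop prompt at all (the Windows 7 defaults are 5 and 1), and NoDriveTypeAutoRun = 1 only disables AutoRun for the "unknown" drive type, leaving it on for removable and optical media. The sample lines are a constructed subset copied from the posted log; the regexes, the list of user-writable locations, the finding wording and the reading of DWORD data as decimal (which is how DDS prints it) are my own assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log posted above,
# in the same line formats, so the helper runs offline. Not the full log.
DDS_SAMPLE = r"""
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -
uRun: [googletalk] C:\Users\Samuael\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Facebook Update] "C:\Users\Samuael\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [NPAV4] "C:\PROGRA~2\NETPRO~1\NPAV4.exe"
mRunOnce: [Z1] C:\Users\Samuael\Desktop\Forum_antivirus_Suggestion\Sug2\mbar\mbar.exe /cleanup /s
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: PromptOnSecureDesktop = dword:0
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
"""

# Line shapes as they appear in DDS output (these patterns are my own, not DDS code).
AUTORUN_RE = re.compile(r"^(?P<hive>x64-|u|m)Run(?P<once>Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
ADDON_RE = re.compile(r"^(?:x64-)?(?P<kind>BHO|TB|EB): (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<path>.*)$")
POLICY_RE = re.compile(r"^(?P<scope>[um])Policies-\w+: (?P<value>\w+) = (?:dword:)?(?P<data>\w+)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)', re.IGNORECASE)

# Locations a standard user can write to; an autorun living here is worth a look (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\temp\\", "\\downloads\\")

# NoDriveTypeAutoRun bitmask: a set bit disables AutoRun for that drive type.
AUTORUN_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk"}


def exe_path(cmd):
    """Strip arguments from a Run value: quoted path, else everything up to the first .exe."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group("q") or m.group("u")


def check_policy(value, data):
    """Return a finding string for a weak policy value, or None if the value is fine."""
    if not data.isdigit():
        return None
    # DDS prints DWORD data in decimal: the Windows 7 default NoDriveTypeAutoRun
    # of 0x91 appears as dword:145, so dword:1 here really is 1.
    n = int(data, 10)
    if value == "EnableLUA" and n == 0:
        return "UAC disabled outright (EnableLUA=0)"
    if value == "ConsentPromptBehaviorAdmin" and n == 0:
        return "UAC elevates administrators silently (ConsentPromptBehaviorAdmin=0); Windows 7 default is 5"
    if value == "PromptOnSecureDesktop" and n == 0:
        return "UAC prompts are not shown on the secure desktop (PromptOnSecureDesktop=0); default is 1"
    if value == "NoDriveTypeAutoRun":
        allowed = [label for bit, label in AUTORUN_BITS.items() if not n & bit]
        if allowed:
            return "AutoRun still allowed for: " + ", ".join(allowed) + " (set 255 to disable all)"
    return None


def triage(log_text):
    """Walk DDS-style lines; collect (name, exe) autoruns and a list of findings."""
    autoruns, findings = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            autoruns.append((m.group("name"), path))
            if any(tag in path.lower() for tag in USER_WRITABLE):
                findings.append(f"autorun '{m.group('name')}' launches from a user-writable location: {path}")
            continue
        m = ADDON_RE.match(line)
        if m:
            if m.group("path") in ("", "<orphaned>"):
                findings.append(f"{m.group('kind')} '{m.group('name')}' {{{m.group('clsid')}}} has no backing file (orphaned entry)")
            continue
        m = POLICY_RE.match(line)
        if m:
            finding = check_policy(m.group("value"), m.group("data"))
            if finding:
                findings.append(finding)
    return {"autoruns": autoruns, "findings": findings}


if __name__ == "__main__":
    result = triage(DDS_SAMPLE)
    for name, path in result["autoruns"]:
        print(f"autorun  {name:<16} {path}")
    for finding in result["findings"]:
        print("finding ", finding)
```

Run it against the full log (paste it into a file and pass the text to `triage`) and the orphaned BHO/toolbar entries and the three UAC/AutoRun findings come out together; the autoruns under AppData and Desktop are listed so they can be matched against what the user actually installed rather than assumed malicious.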

Hi Maniac,

Sorry, I guess I missed the Malwarebytes Anti-Rootkit log.

Below is the mentioned log.

******************************************************************************************************************************************************************************************************************************

Malwarebytes Anti-Rootkit log

******************************************************************************************************************************************************************************************************************************

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.17.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Samuael :: SAMUAEL-PC [administrator]

18/12/2012 12:19:57 AM

mbar-log-2012-12-18 (00-19-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29980

Time elapsed: 12 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
