Jump to content

Need help removing malware


Recommended Posts

I downloaded Freecorder 4, not realizing it also downloaded price gong malware with it. I would like help in removing both from my laptop, so hopefully it can be done right the first time. I have attached or pasted the requested logs/files.

Thanks for your help in advance!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6001

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/9/2011 10:54:04 AM

mbam-log-2011-03-09 (10-54-04).txt

Scan type: Quick scan

Objects scanned: 178381

Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Julie at 11:12:02.03 on Wed 03/09/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.875 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Windows\system32\taskhost.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\SpywareGuard\sgmain.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\SpywareGuard\sgbhp.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Julie\Desktop\Security\dds.scr

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

mWinlogon: Userinit=userinit.exe,

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [<NO NAME>]

mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-10 136176]

S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416]

S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840]

S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528]

.

=============== Created Last 30 ================

.

2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI

2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia

2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll

2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll

2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll

2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll

2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll

2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games

2011-02-13 00:27:36 -------- d-----w- C:\Program Files (x86)\bfgclient

2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache

2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google

2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll

.

==================== Find3M ====================

.

2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 11:14:02.68 ===============

ark.zipAttach.zip

Link to post
Share on other sites

Hello jmwcrna! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

I downloaded Freecorder 4, not realizing it also downloaded price gong malware with it.

Why do you think so?

Please, uninstall the following applications:

  1. Conduit Engine
  2. Freecorder
  3. Freecorder Toolbar

You can read, how to do this here:

In your next reply, please post the following logs:

  1. a new fresh DDS log only

Link to post
Share on other sites

Hello jmwcrna! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Why do you think so?

Please, uninstall the following applications:

  1. Conduit Engine
  2. Freecorder
  3. Freecorder Toolbar

You can read, how to do this here:

In your next reply, please post the following logs:

  1. a new fresh DDS log only

I know it installed with Freecorder because it was the only thing I had downloaded and then suddenly there were these annoying pop-ups. Then I googled it and lots of people had the same thing happen, but had a hard time uninstalling everything. This is my new DDS log:

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Julie at 21:58:39.42 on Wed 03/09/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.251 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\SpywareGuard\sgmain.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\SpywareGuard\sgbhp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Julie\Desktop\Security\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [<NO NAME>]

mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-10 689472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-10 2320920]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-10 136176]

S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416]

S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840]

S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]

.

=============== Created Last 30 ================

.

2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI

2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia

2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll

2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll

2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll

2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll

2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll

2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games

2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache

2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google

2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll

.

==================== Find3M ====================

.

2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 21:59:27.19 ===============

Link to post
Share on other sites

It's good to know your opinion, but at the same time it is necessary to know what exactly are your problems. Only annoying pop-ups?

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log only

Link to post
Share on other sites

Sorry, the main symptom besides the pop-ups was very slow loading of pages. Here are the two logs:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6014

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/10/2011 7:31:35 PM

mbam-log-2011-03-10 (19-31-35).txt

Scan type: Quick scan

Objects scanned: 178874

Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Julie at 19:36:05.76 on Thu 03/10/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.468 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\SpywareGuard\sgmain.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\SpywareGuard\sgbhp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\calc.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Julie\Desktop\Security\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [<NO NAME>]

mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\Common\eReg.exe

StartupFolder: C:\Users\Julie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

mRun-x64: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-16 55280]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-10 98208]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-10 689472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-10 2320920]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-10 35104]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-10 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-10 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-10 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-10 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-8-10 74280]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-8-27 34032]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-5 39832]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-9 121416]

S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-9 125512]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2009-10-9 43032]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-10 245792]

S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840]

S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]

.

=============== Created Last 30 ================

.

2011-03-04 15:23:09 -------- d-----w- C:\Users\Julie\AppData\Local\Secunia PSI

2011-03-04 15:22:27 -------- d-----w- C:\Program Files (x86)\Secunia

2011-02-24 09:02:24 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-24 09:02:24 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-23 20:49:21 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-23 20:49:21 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-23 20:49:21 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-23 20:49:21 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-20 12:58:42 53248 ----a-r- C:\Users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-02-20 12:50:54 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll

2011-02-20 12:50:47 95760 ----a-w- C:\Windows\System32\KemXML.dll

2011-02-20 12:50:47 235536 ----a-w- C:\Windows\System32\kemutb.dll

2011-02-20 12:50:47 232976 ----a-w- C:\Windows\System32\KemUtil.dll

2011-02-20 12:50:47 158736 ----a-w- C:\Windows\System32\KemWnd.dll

2011-02-13 00:27:38 -------- d-----w- C:\PROGRA~3\Big Fish Games

2011-02-13 00:26:46 -------- d-----w- C:\BigFishGamesCache

2011-02-10 14:31:39 -------- d-----w- C:\Users\Julie\AppData\Local\Google

2011-02-10 14:30:36 -------- d-----w- C:\Windows\SysWow64\Adobe

2011-02-09 12:24:15 714752 ----a-w- C:\Windows\System32\kerberos.dll

.

==================== Find3M ====================

.

2011-03-04 15:29:21 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:37:06.94 ===============

Link to post
Share on other sites

Thanks!

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Will be leaving for Spring Break this morning, internet access may be iffy in the mts. I'll keep trying, but it may take me a day or two between posts. Thank you. . .

ComboFix 11-03-11.02 - Julie 03/12/2011 8:13.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.244 [GMT -6:00]

Running from: c:\users\Julie\Desktop\Combo-Fix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Julie\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-02-12 to 2011-03-12 )))))))))))))))))))))))))))))))

.

.

2011-03-12 14:18 . 2011-03-12 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-12 14:10 . 2011-03-12 14:10 -------- d-----w- C:\32788R22FWJFW

2011-03-11 16:10 . 2011-03-11 16:10 -------- d-----w- c:\windows\en

2011-03-11 16:06 . 2011-03-11 16:06 -------- d-----w- c:\program files\Windows Live

2011-03-11 16:05 . 2011-03-11 16:05 -------- d-----w- c:\program files (x86)\MSN Toolbar

2011-03-11 16:04 . 2011-03-11 16:05 -------- d-----w- c:\program files (x86)\Bing Bar Installer

2011-03-11 16:04 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-03-11 16:04 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-03-11 16:04 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-03-11 16:04 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-03-11 16:04 . 2006-11-29 19:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-03-11 16:04 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-03-11 15:53 . 2011-03-11 15:53 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\74968ec51cbe0042d\InstallManager_WLE_WLE.exe

2011-03-11 15:53 . 2011-03-11 15:53 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\66498a601cbe00422\MeshBetaRemover.exe

2011-03-11 15:52 . 2011-03-11 15:52 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\DSETUP.dll

2011-03-11 15:52 . 2011-03-11 15:52 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\DXSETUP.exe

2011-03-11 15:52 . 2011-03-11 15:52 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5a1b3fb91cbe0041a\dsetup32.dll

2011-03-11 15:52 . 2011-03-11 15:52 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\DSETUP.dll

2011-03-11 15:52 . 2011-03-11 15:52 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\DXSETUP.exe

2011-03-11 15:52 . 2011-03-11 15:52 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\578ca54e1cbe00419\dsetup32.dll

2011-03-11 15:51 . 2011-03-11 15:51 -------- d-----w- c:\users\Julie\AppData\Local\Windows Live

2011-03-11 15:45 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-11 15:45 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-03-11 15:45 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-03-11 15:45 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-03-11 15:45 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-03-11 15:45 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-11 15:45 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2011-03-11 15:45 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-03-11 15:45 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

2011-03-11 15:45 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-03-11 15:45 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2011-03-11 15:45 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

2011-03-11 15:43 . 2011-03-11 15:43 -------- d-----w- c:\users\Julie\AppData\Local\WindowsUpdate

2011-03-04 17:05 . 2011-03-04 17:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-03-04 16:48 . 2011-03-04 16:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-03-04 15:29 . 2011-03-04 15:29 -------- d-----w- c:\program files\Java

2011-03-04 15:23 . 2011-03-04 15:23 -------- d-----w- c:\users\Julie\AppData\Local\Secunia PSI

2011-03-04 15:22 . 2011-03-04 15:22 -------- d-----w- c:\program files (x86)\Secunia

2011-02-24 09:02 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-24 09:02 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-02-23 20:49 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-23 20:49 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 20:49 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-02-23 20:49 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-22 06:22 . 2011-02-22 06:22 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-02-20 12:59 . 2011-02-20 12:59 -------- d-----w- c:\users\Julie\AppData\Roaming\Logitech

2011-02-20 12:58 . 2011-02-20 12:58 -------- d-----w- c:\users\Julie\AppData\Roaming\Leadertech

2011-02-20 12:58 . 2011-02-20 12:58 53248 ----a-r- c:\users\Julie\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-02-20 12:58 . 2011-02-20 12:58 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd

2011-02-20 12:50 . 2008-05-02 08:46 190992 ----a-w- c:\windows\system32\BtCoreIf.dll

2011-02-20 12:50 . 2008-05-02 08:47 95760 ----a-w- c:\windows\system32\KemXML.dll

2011-02-20 12:50 . 2008-05-02 08:47 158736 ----a-w- c:\windows\system32\KemWnd.dll

2011-02-20 12:50 . 2008-05-02 08:47 232976 ----a-w- c:\windows\system32\KemUtil.dll

2011-02-20 12:50 . 2008-05-02 08:47 235536 ----a-w- c:\windows\system32\kemutb.dll

2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\programdata\Logitech

2011-02-20 12:50 . 2011-02-20 12:51 -------- d-----w- c:\program files\Common Files\Logishrd

2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\program files\Logitech

2011-02-20 12:50 . 2011-02-20 12:50 -------- d-----w- c:\users\Julie\AppData\Roaming\InstallShield

2011-02-20 12:49 . 2011-02-20 12:49 -------- d-----w- c:\programdata\LogiShrd

2011-02-15 12:01 . 2011-02-15 12:01 -------- d-----w- c:\users\Mcx1-JULIE-DELL

2011-02-13 00:27 . 2011-03-10 03:35 -------- d-----w- c:\programdata\Big Fish Games

2011-02-13 00:26 . 2011-03-10 03:35 -------- d-----w- C:\BigFishGamesCache

2011-02-10 14:31 . 2011-03-10 03:38 -------- d-----w- c:\users\Julie\AppData\Local\Google

2011-02-10 14:31 . 2011-03-11 17:12 -------- d-----w- c:\program files\Google

2011-02-10 14:31 . 2011-03-11 17:12 -------- d-----w- c:\program files (x86)\Google

2011-02-10 14:30 . 2011-02-10 14:31 -------- d-----w- c:\windows\SysWow64\Adobe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-04 15:29 . 2010-08-10 08:56 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-15 11:59 . 2010-08-27 17:57 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-02-03 03:40 . 2010-08-10 08:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-07 08:06 . 2011-02-09 12:24 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 07:27 . 2011-02-09 12:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-01-07 05:49 . 2011-02-09 12:24 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 05:33 . 2011-02-09 12:24 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-01-05 06:20 . 2011-02-09 12:24 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 05:37 . 2011-02-09 12:24 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-01-05 04:00 . 2011-02-09 12:24 3127808 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 06:16 . 2011-02-09 12:24 97280 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 06:16 . 2011-02-09 12:24 62976 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 06:16 . 2011-02-09 12:24 214016 ----a-w- c:\windows\system32\winsrv.dll

2010-12-21 06:16 . 2011-02-09 12:24 442880 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 06:16 . 2011-02-09 12:24 1197056 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 06:16 . 2011-02-09 12:24 258048 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 06:15 . 2011-02-09 12:24 264192 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 06:15 . 2011-02-09 12:24 15360 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 06:13 . 2011-02-09 12:24 2003968 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 06:13 . 2011-02-09 12:24 1880576 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 06:10 . 2011-02-09 12:24 100864 ----a-w- c:\windows\system32\davclnt.dll

2010-12-21 05:38 . 2011-02-09 12:24 51200 ----a-w- c:\windows\SysWow64\wscapi.dll

2010-12-21 05:38 . 2011-02-09 12:24 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2010-12-21 05:38 . 2011-02-09 12:24 350720 ----a-w- c:\windows\SysWow64\winhttp.dll

2010-12-21 05:38 . 2011-02-09 12:24 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll

2010-12-21 05:38 . 2011-02-09 12:24 204288 ----a-w- c:\windows\SysWow64\upnp.dll

2010-12-21 05:38 . 2011-02-09 12:24 14336 ----a-w- c:\windows\SysWow64\slwga.dll

2010-12-21 05:36 . 2011-02-09 12:24 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2010-12-21 05:36 . 2011-02-09 12:24 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2010-12-21 05:34 . 2011-02-09 12:24 80384 ----a-w- c:\windows\SysWow64\davclnt.dll

2010-12-21 00:09 . 2010-08-15 01:14 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2010-08-15 01:14 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-18 06:11 . 2011-02-10 09:07 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 06:11 . 2011-02-09 12:24 714752 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 05:29 . 2011-02-10 09:07 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-12-18 05:29 . 2011-02-09 12:24 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2010-12-18 04:55 . 2011-02-10 09:07 482816 ----a-w- c:\windows\system32\html.iec

2010-12-18 04:20 . 2011-02-10 09:07 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-12-18 04:13 . 2011-02-10 09:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-12-18 03:47 . 2011-02-10 09:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-09 883272]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]

.

c:\users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2010-7-26 546360]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-20 1196048]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-09 121416]

R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-09 125512]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]

R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [x]

R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-03 10038304]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://att.my.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-12 08:21:14

ComboFix-quarantined-files.txt 2011-03-12 14:21

.

Pre-Run: 427,555,708,928 bytes free

Post-Run: 427,137,966,080 bytes free

.

- - End Of File - - 7D0A7444BB2C62B3B2EADD34C212F89C

Link to post
Share on other sites

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

Glad I could help! :)

Last steps:

Step 1

Go to Start => Run... and copy & paste next command in the field:

ComboFix /uninstall

Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

Step 2

Please manually delete DDS and GMER.

Step 3

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.