I kept getting an IP block saying that it's blocking the IP 208.73.210.29. I followed the instructions on http://forums.malwarebytes.org//index.php?showtopic=9573 and here are the results of the DDS.txt, log files, and GMER files.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by PowerSpec at 15:59:29 on 2011-05-19

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.826 [GMT -6:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\PowerSpec\Downloads\dds.scr

C:\Windows\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLL

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\powerspec\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [D-Link D-Link RangeBooster N DWA-140] c:\program files\d-link\d-link rangebooster n dwa-140\AirNCFG.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

StartupFolder: c:\users\powers~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe

StartupFolder: c:\users\powers~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\powerspec\appdata\roaming\mozilla\firefox\profiles\j1imn1e6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\powerspec\appdata\roaming\mozilla\firefox\profiles\j1imn1e6.default\extensions\firedownload@mozilla.org\components\firedownload.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\powerspec\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\powerspec\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\users\powerspec\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\powerspec\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-12-29 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-12-29 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/25 19:00:25];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]

R3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]

R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1cac8862024ef01;Google Update Service (gupdate1cac8862024ef01);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-23 363344]

S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-23 20952]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\drivers\mrveap32.sys [2008-6-2 15360]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-13 15872]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-12-29 12872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-13 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]

.

=============== Created Last 30 ================

.

2011-05-17 14:40:38 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9fd163b5-149d-4126-84af-ff2771bfc62c}\mpengine.dll

2011-05-15 18:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-12 16:07:45 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-11 16:04:27 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 16:04:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-11 02:05:05 -------- d-----w- c:\users\powerspec\appdata\local\DDMSettings

2011-05-10 20:01:20 -------- d-----w- c:\users\powerspec\appdata\local\ElevatedDiagnostics

2011-05-04 22:27:47 -------- d-----w- c:\program files\common files\DivX Shared

2011-04-27 20:34:59 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-27 20:34:47 1699328 ----a-w- c:\windows\system32\esent.dll

2011-04-27 20:34:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-27 20:34:46 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-27 20:34:46 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-27 20:34:46 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-27 20:34:46 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-27 20:34:45 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-04-27 20:34:45 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-27 20:34:45 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-27 20:34:40 870912 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 20:34:37 2616320 ----a-w- c:\windows\explorer.exe

2011-04-25 00:22:32 -------- d-----w- c:\program files\iPod

2011-04-25 00:22:28 -------- d-----w- c:\program files\iTunes

2011-04-25 00:18:07 -------- d-----w- c:\program files\Bonjour

2011-04-23 22:23:27 -------- d-----w- c:\users\powerspec\appdata\roaming\Malwarebytes

2011-04-23 22:23:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-23 22:23:15 -------- d-----w- c:\programdata\Malwarebytes

2011-04-23 22:23:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-23 22:23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-13 16:55:56 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-06 22:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 22:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 04:48:17 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 04:48:01 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 04:47:54 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 04:47:45 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 04:47:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 04:47:36 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 04:47:33 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 16:01:17.61 ===============

11:05:22 PowerSpec MESSAGE Protection started successfully

11:05:27 PowerSpec MESSAGE IP Protection started successfully

11:06:36 PowerSpec MESSAGE Scheduled update executed successfully

11:08:38 PowerSpec MESSAGE IP Protection stopped

11:08:42 PowerSpec MESSAGE Database updated successfully

11:08:44 PowerSpec MESSAGE IP Protection started successfully

11:31:00 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49276, Process: firefox.exe)

11:47:43 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49651, Process: iexplore.exe)

11:47:43 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49652, Process: iexplore.exe)

12:16:05 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49739, Process: iexplore.exe)

12:16:05 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49740, Process: iexplore.exe)

12:16:37 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49752, Process: iexplore.exe)

12:16:37 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49753, Process: iexplore.exe)

12:16:45 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49767, Process: iexplore.exe)

12:17:09 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49778, Process: iexplore.exe)

12:17:09 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49779, Process: iexplore.exe)

12:17:17 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49796, Process: iexplore.exe)

12:17:50 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49805, Process: iexplore.exe)

12:17:50 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49806, Process: iexplore.exe)

12:17:50 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49830, Process: iexplore.exe)

12:18:14 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49843, Process: iexplore.exe)

12:18:14 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49844, Process: iexplore.exe)

12:18:22 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49870, Process: iexplore.exe)

15:09:20 PowerSpec MESSAGE Protection started successfully

15:09:25 PowerSpec MESSAGE IP Protection started successfully

15:16:06 PowerSpec MESSAGE Protection started successfully

15:16:10 PowerSpec MESSAGE IP Protection started successfully

15:22:59 PowerSpec MESSAGE Protection started successfully

15:23:04 PowerSpec MESSAGE IP Protection started successfully

15:23:18 PowerSpec IP-BLOCK 204.13.161.51 (Type: outgoing, Port: 49212, Process: firefox.exe)

15:35:04 PowerSpec IP-BLOCK 89.248.160.175 (Type: outgoing, Port: 49663, Process: firefox.exe)

15:35:04 PowerSpec IP-BLOCK 89.248.160.175 (Type: outgoing, Port: 49664, Process: firefox.exe)

15:41:13 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49971, Process: firefox.exe)

15:59:43 PowerSpec MESSAGE Protection started successfully

15:59:47 PowerSpec MESSAGE IP Protection started successfully

16:57:06 PowerSpec IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49235, Process: firefox.exe)


  • Staff

Hi and welcome to Malwarebytes.

Does the block occur when you try to access a particular site?

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

It shows up randomly, from what I've seen. Anyways, I followed your instructions and here are the logs you requested.

  • Staff

Hi,

In the future, please post all logs directly into your reply instead of attaching them. With that said, next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Sorry about the attachment problems last time. Anyways, here's the log.txt.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

And the checkup.txt.

Results of screen317's Security Check version 0.99.11

Windows 7 Service Pack 1 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Smart Security

McAfee Security Scan Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 24

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Adobe Reader 9.4.4

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

OK. Here is the ComboFix log.

ComboFix 11-05-31.01 - PowerSpec 05/31/2011 13:04:38.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.965 [GMT -6:00]

Running from: c:\users\PowerSpec\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))

.

.

2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-31 15:08 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F90979F-B035-4B9C-B66F-0C470A389E1F}\mpengine.dll

2011-05-29 16:50 . 2011-05-31 15:05 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\go

2011-05-29 16:50 . 2011-05-31 18:56 -------- d-----w- c:\programdata\Easybits GO

2011-05-28 04:56 . 2011-05-28 04:56 -------- d-----w- c:\program files\Common Files\Java

2011-05-28 04:55 . 2011-05-28 04:55 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-05-26 17:25 . 2011-05-26 17:25 -------- d-----w- c:\users\PowerSpec\AppData\Local\DDMSettings

2011-05-26 17:23 . 2011-05-26 17:23 -------- d-----w- c:\program files\Common Files\DivX Shared

2011-05-25 00:04 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-22 04:42 . 2011-05-22 04:42 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\FLEXnet

2011-05-22 04:41 . 2011-05-22 04:41 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\Nuance

2011-05-22 04:39 . 2011-05-22 04:39 -------- d-----w- c:\program files\Common Files\IVA

2011-05-22 04:39 . 2011-05-22 04:39 -------- d-----w- c:\program files\Common Files\Nuance

2011-05-22 04:37 . 2011-05-22 04:37 -------- d-----w- c:\programdata\Nuance

2011-05-15 18:14 . 2011-05-28 05:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-12 16:07 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-11 16:04 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 16:04 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-10 20:01 . 2011-05-10 20:01 -------- d-----w- c:\users\PowerSpec\AppData\Local\ElevatedDiagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-28 04:55 . 2010-05-05 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-13 17:01 . 2011-04-13 17:01 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-13 17:01 . 2011-04-13 17:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-13 17:01 . 2011-04-13 17:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-13 17:01 . 2011-04-13 17:01 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-13 17:01 . 2011-04-13 17:01 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-13 17:01 . 2011-04-13 17:01 367104 ----a-w- c:\windows\system32\html.iec

2011-04-13 17:01 . 2011-04-13 17:01 161792 ----a-w- c:\windows\system32\msls31.dll

2011-04-13 17:01 . 2011-04-13 17:01 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-04-13 17:01 . 2011-04-13 17:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-13 17:01 . 2011-04-13 17:01 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-04-13 17:01 . 2011-04-13 17:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-13 17:01 . 2011-04-13 17:01 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-04-13 17:01 . 2011-04-13 17:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-13 17:01 . 2011-04-13 17:01 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-13 17:01 . 2011-04-13 17:01 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-13 17:01 . 2011-04-13 17:01 152064 ----a-w- c:\windows\system32\wextract.exe

2011-04-13 17:01 . 2011-04-13 17:01 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-04-13 17:01 . 2011-04-13 17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-13 17:01 . 2011-04-13 17:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-13 17:01 . 2011-04-13 17:01 11776 ----a-w- c:\windows\system32\mshta.exe

2011-04-13 17:01 . 2011-04-13 17:01 101888 ----a-w- c:\windows\system32\admparse.dll

2011-04-13 16:55 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-12 17:27 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-12 11:23 . 2011-04-27 20:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39 . 2011-04-27 20:34 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 05:39 . 2011-04-27 20:34 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 05:39 . 2011-04-27 20:34 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 05:39 . 2011-04-27 20:34 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 05:38 . 2011-04-27 20:34 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 05:38 . 2011-04-27 20:34 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 05:38 . 2011-04-27 20:34 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-03-11 05:33 . 2011-04-13 15:56 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:33 . 2011-04-13 15:56 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:33 . 2011-04-27 20:34 1699328 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:31 . 2011-04-27 20:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-08 05:28 . 2011-04-13 15:56 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:38 . 2011-04-13 15:57 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:36 . 2011-04-13 15:57 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:42 . 2011-04-13 15:57 2333184 ----a-w- c:\windows\system32\win32k.sys

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

2011-04-30 20:05 . 2011-04-28 16:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-11 3193792]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-24 2424192]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-25 557056]

"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\users\PowerSpec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1cac8862024ef01;Google Update Service (gupdate1cac8862024ef01);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-10-29 15360]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-29 12872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-29 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-29 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/25 19:00];c:\program files\CyberLink\PowerDVD8\000.fcl [2010-01-13 05:08 87536]

S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 44432]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2010-10-01 52096]

S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 23:36]

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 23:36]

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005201071-4055058573-3116107030-1000Core.job

- c:\users\PowerSpec\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 01:32]

.

2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005201071-4055058573-3116107030-1000UA.job

- c:\users\PowerSpec\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 01:32]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm

TCP: DhcpNameServer = 68.87.85.98 68.87.69.146 68.87.85.102

FF - ProfilePath - c:\users\PowerSpec\AppData\Roaming\Mozilla\Firefox\Profiles\j1imn1e6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\781\0265801DB081DE94]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Cygnus Solutions\Cygwin]

@Class="cygnus"

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\G8B24K32I2XTCFAD6284]

@DACL=(02 0000)

"BRW6"=dword:4bd8c2b1

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\WVS73B3232FHZGYV4866]

@DACL=(02 0000)

"BRW6"=dword:4bd09b96

.

[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\YCA24K3B2352EHAD6268]

@DACL=(02 0000)

"BRW6"=dword:4bc55c8a

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\NvXDSync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-05-31 13:31:59 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-31 19:31

.

Pre-Run: 863,213,920,256 bytes free

Post-Run: 863,605,948,416 bytes free

.

- - End Of File - - 95CDACE57C966EEC3833DE5A1109DE38

Here's the DDS log.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by PowerSpec at 13:42:43 on 2011-05-31

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.866 [GMT -6:00]

.

AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Common Files\Nuance\dgnsvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\PowerSpec\Downloads\dds.scr

C:\Windows\system32\WSCRIPT.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll

TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLL

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [D-Link D-Link RangeBooster N DWA-140] c:\program files\d-link\d-link rangebooster n dwa-140\AirNCFG.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\powers~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\powerspec\appdata\roaming\mozilla\firefox\profiles\j1imn1e6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-12-29 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-12-29 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/25 19:00:25];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]

R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-23 363344]

R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-23 20952]

R3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]

R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1cac8862024ef01;Google Update Service (gupdate1cac8862024ef01);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\drivers\mrveap32.sys [2008-6-2 15360]

S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-13 15872]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-12-29 12872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-13 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]

.

=============== Created Last 30 ================

.

2011-05-31 19:20:58 -------- d-----w- C:\$RECYCLE.BIN

2011-05-31 19:01:41 98816 ----a-w- c:\windows\sed.exe

2011-05-31 19:01:41 518144 ----a-w- c:\windows\SWREG.exe

2011-05-31 19:01:41 256512 ----a-w- c:\windows\PEV.exe

2011-05-31 19:01:41 208896 ----a-w- c:\windows\MBR.exe

2011-05-31 15:08:21 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8f90979f-b035-4b9c-b66f-0c470a389e1f}\mpengine.dll

2011-05-29 16:50:27 -------- d-----w- c:\users\powerspec\appdata\roaming\go

2011-05-29 16:50:25 -------- d-----w- c:\programdata\Easybits GO

2011-05-28 04:55:29 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-05-26 17:25:43 -------- d-----w- c:\users\powerspec\appdata\local\DDMSettings

2011-05-26 17:23:40 -------- d-----w- c:\program files\common files\DivX Shared

2011-05-25 00:04:24 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-22 04:42:01 -------- d-----w- c:\users\powerspec\appdata\roaming\FLEXnet

2011-05-22 04:41:59 -------- d-----w- c:\users\powerspec\appdata\roaming\Nuance

2011-05-22 04:39:31 -------- d-----w- c:\program files\common files\IVA

2011-05-22 04:39:13 -------- d-----w- c:\program files\common files\Nuance

2011-05-22 04:37:10 -------- d-----w- c:\programdata\Nuance

2011-05-15 18:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-12 16:07:45 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-11 16:04:27 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 16:04:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-10 20:01:20 -------- d-----w- c:\users\powerspec\appdata\local\ElevatedDiagnostics

.

==================== Find3M ====================

.

2011-05-28 04:55:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-13 16:55:56 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-04-06 22:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 22:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys

2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-03-11 05:39:00 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 13:43:54.82 ===============


  • Staff

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
