manny70 Posted May 19, 2011 ID:431320

I kept getting an IP block saying that it's blocking the IP 208.73.210.29. I followed the instructions on http://forums.malwarebytes.org//index.php?showtopic=9573 and here are the results of the DDS.txt, log files, and GMER files.

Attach.zip
screen317 (Staff) Posted May 20, 2011 ID:431785

Hi and welcome to Malwarebytes.

Does the block occur when you try to access a particular site?

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
manny70 (Author) Posted May 21, 2011 ID:431952

> Hi and welcome to Malwarebytes.
>
> Does the block occur when you try to access a particular site?
>
> Please update MBAM, run a Quick Scan, and post its log.
>
> Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
>
> When the tool is finished, it will produce a report for you.
>
> Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
>
> -screen317

It shows up randomly, from what I've seen. Anyways, I followed your instructions and here are the logs you requested.
manny70 (Author) Posted May 21, 2011 ID:431954

> It shows up randomly, from what I've seen. Anyways, I followed your instructions and here are the logs you requested.

Sorry. Forgot the attachments.

Attach.zip
screen317 (Staff) Posted May 25, 2011 ID:433129

Hi,

In the future, please post all logs directly into your reply instead of attaching them. With that said, next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications are checked
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
manny70 (Author) Posted May 25, 2011 ID:433340

> Hi,
>
> In the future, please post all logs directly into your reply instead of attaching them. With that said, next, please run a free online scan with the ESET Online Scanner.
>
> Note: You will need to use Internet Explorer for this scan.
>
> - Tick the box next to YES, I accept the Terms of Use.
> - Click Start
> - When asked, allow the ActiveX control to install
> - Click Start
> - Make sure that the options Remove found threats and the option Scan unwanted applications are checked
> - Click Scan
> - Wait for the scan to finish
> - Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
> - Copy and paste that log as a reply to this topic
>
> Next, download my Security Check from here or here.
>
> - Save it to your Desktop.
> - Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
> - A Notepad document should open automatically called checkup.txt; please post the contents of that document.
>
> Let me know how things are running now and what issues remain.
>
> -screen317

Sorry about the attachment problems last time. Anyways, here's the log.txt.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

And the checkup.txt.

 Results of screen317's Security Check version 0.99.11
 Windows 7 Service Pack 1 (UAC is enabled)
 Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled!
 ESET Smart Security
 McAfee Security Scan Plus
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware
 Java 6 Update 24
 Out of date Java installed!
 Adobe Flash Player 10.3.181.14
 Adobe Reader 9.4.4
 Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe
 Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
Staff screen317 Posted May 26, 2011 ID:433740

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall
This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
Java
manny70 Posted May 28, 2011 Author ID:434106

> Hi,
> Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall
> This uninstalls all of ComboFix's components.
> Delete SecurityCheck.
> After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):
> Java
Staff screen317 Posted May 30, 2011 ID:434803

Hi,

Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
manny70 Posted May 31, 2011 Author ID:435180 Share Posted May 31, 2011 Hi,Please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317OK. Here is the ComboFix log.ComboFix 11-05-31.01 - PowerSpec 05/31/2011 13:04:38.2.2 - x86Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.965 [GMT -6:00]Running from: c:\users\PowerSpec\Desktop\ComboFix.exeAV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\logishrd\LVPrcInj01.dll..((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))..2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\users\Default\AppData\Local\temp2011-05-31 15:08 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F90979F-B035-4B9C-B66F-0C470A389E1F}\mpengine.dll2011-05-29 16:50 . 2011-05-31 15:05 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\go2011-05-29 16:50 . 2011-05-31 18:56 -------- d-----w- c:\programdata\Easybits GO2011-05-28 04:56 . 2011-05-28 04:56 -------- d-----w- c:\program files\Common Files\Java2011-05-28 04:55 . 2011-05-28 04:55 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll2011-05-26 17:25 . 
2011-05-26 17:25 -------- d-----w- c:\users\PowerSpec\AppData\Local\DDMSettings2011-05-26 17:23 . 2011-05-26 17:23 -------- d-----w- c:\program files\Common Files\DivX Shared2011-05-25 00:04 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys2011-05-22 04:42 . 2011-05-22 04:42 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\FLEXnet2011-05-22 04:41 . 2011-05-22 04:41 -------- d-----w- c:\users\PowerSpec\AppData\Roaming\Nuance2011-05-22 04:39 . 2011-05-22 04:39 -------- d-----w- c:\program files\Common Files\IVA2011-05-22 04:39 . 2011-05-22 04:39 -------- d-----w- c:\program files\Common Files\Nuance2011-05-22 04:37 . 2011-05-22 04:37 -------- d-----w- c:\programdata\Nuance2011-05-15 18:14 . 2011-05-28 05:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-12 16:07 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe2011-05-11 16:04 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe2011-05-11 16:04 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe2011-05-10 20:01 . 2011-05-10 20:01 -------- d-----w- c:\users\PowerSpec\AppData\Local\ElevatedDiagnostics...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-05-28 04:55 . 2010-05-05 18:06 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-04-13 17:01 . 2011-04-13 17:01 86528 ----a-w- c:\windows\system32\iesysprep.dll2011-04-13 17:01 . 2011-04-13 17:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2011-04-13 17:01 . 2011-04-13 17:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2011-04-13 17:01 . 2011-04-13 17:01 63488 ----a-w- c:\windows\system32\tdc.ocx2011-04-13 17:01 . 2011-04-13 17:01 48640 ----a-w- c:\windows\system32\mshtmler.dll2011-04-13 17:01 . 2011-04-13 17:01 367104 ----a-w- c:\windows\system32\html.iec2011-04-13 17:01 . 
2011-04-13 17:01 161792 ----a-w- c:\windows\system32\msls31.dll2011-04-13 17:01 . 2011-04-13 17:01 1126912 ----a-w- c:\windows\system32\wininet.dll2011-04-13 17:01 . 2011-04-13 17:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll2011-04-13 17:01 . 2011-04-13 17:01 74752 ----a-w- c:\windows\system32\iesetup.dll2011-04-13 17:01 . 2011-04-13 17:01 420864 ----a-w- c:\windows\system32\vbscript.dll2011-04-13 17:01 . 2011-04-13 17:01 35840 ----a-w- c:\windows\system32\imgutil.dll2011-04-13 17:01 . 2011-04-13 17:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-04-13 17:01 . 2011-04-13 17:01 23552 ----a-w- c:\windows\system32\licmgr10.dll2011-04-13 17:01 . 2011-04-13 17:01 1797632 ----a-w- c:\windows\system32\jscript9.dll2011-04-13 17:01 . 2011-04-13 17:01 152064 ----a-w- c:\windows\system32\wextract.exe2011-04-13 17:01 . 2011-04-13 17:01 150528 ----a-w- c:\windows\system32\iexpress.exe2011-04-13 17:01 . 2011-04-13 17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe2011-04-13 17:01 . 2011-04-13 17:01 1427456 ----a-w- c:\windows\system32\inetcpl.cpl2011-04-13 17:01 . 2011-04-13 17:01 11776 ----a-w- c:\windows\system32\mshta.exe2011-04-13 17:01 . 2011-04-13 17:01 101888 ----a-w- c:\windows\system32\admparse.dll2011-04-13 16:55 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll2011-04-06 22:20 . 2011-04-06 22:20 91424 ----a-w- c:\windows\system32\dnssd.dll2011-04-06 22:20 . 2011-04-06 22:20 107808 ----a-w- c:\windows\system32\dns-sd.exe2011-03-12 17:27 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2011-03-12 11:23 . 2011-04-27 20:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll2011-03-11 05:39 . 2011-04-27 20:34 148864 ----a-w- c:\windows\system32\drivers\storport.sys2011-03-11 05:39 . 2011-04-27 20:34 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys2011-03-11 05:39 . 2011-04-27 20:34 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys2011-03-11 05:39 . 
2011-04-27 20:34 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys2011-03-11 05:38 . 2011-04-27 20:34 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys2011-03-11 05:38 . 2011-04-27 20:34 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys2011-03-11 05:38 . 2011-04-27 20:34 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys2011-03-11 05:33 . 2011-04-13 15:56 1164288 ----a-w- c:\windows\system32\mfc42u.dll2011-03-11 05:33 . 2011-04-13 15:56 1137664 ----a-w- c:\windows\system32\mfc42.dll2011-03-11 05:33 . 2011-04-27 20:34 1699328 ----a-w- c:\windows\system32\esent.dll2011-03-11 05:31 . 2011-04-27 20:34 74240 ----a-w- c:\windows\system32\fsutil.exe2011-03-08 05:28 . 2011-04-13 15:56 741376 ----a-w- c:\windows\system32\inetcomm.dll2011-03-03 05:38 . 2011-04-13 15:57 132608 ----a-w- c:\windows\system32\dnsrslvr.dll2011-03-03 05:36 . 2011-04-13 15:57 28672 ----a-w- c:\windows\system32\dnscacheugc.exe2011-03-03 03:42 . 2011-04-13 15:57 2333184 ----a-w- c:\windows\system32\win32k.sys2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll2011-04-30 20:05 . 
2011-04-28 16:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-12-11 3193792]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-24 2424192]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-11-14 222496].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]"Skytel"="Skytel.exe" [2007-06-15 1826816]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]"GrooveMonitor"="c:\program files\Microsoft 
Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-09-25 557056]"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]"UCam_Menu"="c:\program 
files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288].c:\users\PowerSpec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
"c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]2006-10-25 15:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 gupdate1cac8862024ef01;Google Update Service (gupdate1cac8862024ef01);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 133104]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-10-29 15360]R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-29 12872]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows 
Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1343400]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-29 12872]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-29 67656]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/25 19:00];c:\program files\CyberLink\PowerDVD8\000.fcl [2010-01-13 05:08 87536]S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 44432]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]S3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2010-10-01 52096]S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-08-20 19:24 451872 ----a-w- c:\program files\Common 
Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 23:36].2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 23:36].2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005201071-4055058573-3116107030-1000Core.job- c:\users\PowerSpec\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 01:32].2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005201071-4055058573-3116107030-1000UA.job- c:\users\PowerSpec\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 01:32]..------- Supplementary Scan -------.uDefault_Search_URL = hxxp://www.google.com/ieuStart Page = hxxp://www.yahoo.com/mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmluInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htmTCP: DhcpNameServer = 68.87.85.98 68.87.69.146 68.87.85.102FF - ProfilePath - c:\users\PowerSpec\AppData\Roaming\Mozilla\Firefox\Profiles\j1imn1e6.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.yahoo.comFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl".--------------------- LOCKED 
REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\781\0265801DB081DE94]@DACL=(02 0000).[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Cygnus Solutions\Cygwin]@Class="cygnus"@DACL=(02 0000).[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache]@DACL=(02 0000).[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\G8B24K32I2XTCFAD6284]@DACL=(02 0000)"BRW6"=dword:4bd8c2b1.[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\WVS73B3232FHZGYV4866]@DACL=(02 0000)"BRW6"=dword:4bd09b96.[HKEY_USERS\S-1-5-21-2005201071-4055058573-3116107030-1000_Classes\VirtualStore\MACHINE\SOFTWARE\S3R521\YCA24K3B2352EHAD6268]@DACL=(02 0000)"BRW6"=dword:4bc55c8a.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\windows\system32\nvvsvc.exec:\program files\NVIDIA Corporation\Display\NvXDSync.exec:\windows\system32\nvvsvc.exec:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\windows\system32\taskhost.exec:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exec:\program files\CyberLink\Shared files\RichVideo.exec:\program files\Microsoft\BingBar\SeaPort.EXEc:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEc:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files\Common Files\Microsoft Shared\Windows 
Live\WLIDSvcM.exec:\windows\system32\WUDFHost.exec:\windows\System32\rundll32.exec:\windows\system32\conhost.exec:\program files\Windows Media Player\wmpnetwk.exe.**************************************************************************.Completion time: 2011-05-31 13:31:59 - machine was rebootedComboFix-quarantined-files.txt 2011-05-31 19:31.Pre-Run: 863,213,920,256 bytes freePost-Run: 863,605,948,416 bytes free.- - End Of File - - 95CDACE57C966EEC3833DE5A1109DE38Heres the DDS log..DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25Run by PowerSpec at 13:42:43 on 2011-05-31Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.866 [GMT -6:00].AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\NvXDSync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exeC:\Windows\RtHDVCpl.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\Program Files\Common Files\Nuance\dgnsvc.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Logitech\Logitech WebCam Software\LWS.exeC:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\CyberLink\Shared files\RichVideo.exeC:\Program Files\Microsoft\BingBar\SeaPort.EXEC:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exeC:\Program Files\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files\Brother\ControlCenter3\brccMCtl.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\WUDFHost.exeC:\Program Files\Brother\Brmfcmon\BrMfimon.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exeC:\Program Files\CyberLink\Shared files\brs.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliType 
Pro\itype.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXEC:\Program Files\Skype\Phone\Skype.exeC:\ProgramData\FLEXnet\Connect\11\ISUSPM.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Nero\Update\NASvc.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Users\PowerSpec\Downloads\dds.scrC:\Windows\system32\WSCRIPT.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uDefault_Search_URL = hxxp://www.google.com/ieuStart Page = hxxp://www.yahoo.com/mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.htmluInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dllBHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dllBHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLLBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLLBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dllTB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dllTB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFTO~1.DLLTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File{555d4d79-4bd2-4094-a395-cfc534424a05}uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunuRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exeuRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quietuRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hiddenuRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimizeduRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -schedulermRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [skytel] Skytel.exemRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbyloginmRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [D-Link D-Link RangeBooster N DWA-140] c:\program files\d-link\d-link rangebooster n dwa-140\AirNCFG.exemRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [LogitechQuickCamRibbon] 
"c:\program files\logitech\logitech webcam software\LWS.exe" /hidemRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservicemRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -bootmRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorunmRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStartmRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrunmRun: [updatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"mRun: [PDVD8LanguageShortcut] "c:\program 
files\cyberlink\powerdvd8\language\Language.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\powers~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\powerspec\appdata\roaming\mozilla\firefox\profiles\j1imn1e6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-12-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-12-29 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/25 19:00:25];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-2-6 38240]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-23 363344]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-23 20952]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2009-8-6 750592]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cac8862024ef01;Google Update Service (gupdate1cac8862024ef01);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\drivers\mrveap32.sys [2008-6-2 15360]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-13 15872]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-12-29 12872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
.
=============== Created Last 30 ================
.
2011-05-31 19:20:58 -------- d-----w- C:\$RECYCLE.BIN
2011-05-31 19:01:41 98816 ----a-w- c:\windows\sed.exe
2011-05-31 19:01:41 518144 ----a-w- c:\windows\SWREG.exe
2011-05-31 19:01:41 256512 ----a-w- c:\windows\PEV.exe
2011-05-31 19:01:41 208896 ----a-w- c:\windows\MBR.exe
2011-05-31 15:08:21 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8f90979f-b035-4b9c-b66f-0c470a389e1f}\mpengine.dll
2011-05-29 16:50:27 -------- d-----w- c:\users\powerspec\appdata\roaming\go
2011-05-29 16:50:25 -------- d-----w- c:\programdata\Easybits GO
2011-05-28 04:55:29 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-26 17:25:43 -------- d-----w- c:\users\powerspec\appdata\local\DDMSettings
2011-05-26 17:23:40 -------- d-----w- c:\program files\common files\DivX Shared
2011-05-25 00:04:24 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-22 04:42:01 -------- d-----w- c:\users\powerspec\appdata\roaming\FLEXnet
2011-05-22 04:41:59 -------- d-----w- c:\users\powerspec\appdata\roaming\Nuance
2011-05-22 04:39:31 -------- d-----w- c:\program files\common files\IVA
2011-05-22 04:39:13 -------- d-----w- c:\program files\common files\Nuance
2011-05-22 04:37:10 -------- d-----w- c:\programdata\Nuance
2011-05-15 18:14:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 16:07:45 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 16:04:27 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 16:04:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 20:01:20 -------- d-----w- c:\users\powerspec\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-05-28 04:55:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-13 16:55:56 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 22:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 22:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:39:05 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:39:00 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:39:00 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:39:00 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:38:51 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:38:37 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:38:37 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:43:54.82 ===============
Staff screen317 Posted June 4, 2011 ID:436493

Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats and the option Scan unwanted applications are checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Staff screen317 Posted June 9, 2011 ID:438863

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!