
I think I have virus or malware or something - Please help! Thank you very much!



Hi there,

Something is definitely wrong with my notebook. The whole system hangs almost every time I turn it on, even without much Chrome / iTunes use. It has been like this for months. I finally got fed up, worked up my courage, and here I am asking for help before my last resort of reinstalling the whole thing. Thank you for your help in advance!

Here are my logs.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by user at 22:49:03 on 2011-09-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3949.2201 [GMT 8:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\SysWOW64\ZoneLabs\vsmon.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://asus.msn.com

mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background

mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: Interfaces\{831981FC-F306-4A11-8F27-D9CCBC39E34F} : NameServer = 168.95.192.1 168.95.1.1

TCP: Interfaces\{8C54271A-DCE8-425F-AE94-2CCC0905D2CF}\55D223 : DhcpNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

BHO-X64: ZoneAlarm Security - No File

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

TB-X64: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-5 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-5 269480]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2314240]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-12-13 332272]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2011-09-30 14:45:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{792C645B-BA1C-4C77-951F-B0E688ED4B19}\offreg.dll

2011-09-30 14:22:16 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{792C645B-BA1C-4C77-951F-B0E688ED4B19}\mpengine.dll

2011-09-19 17:05:11 -------- d-----w- C:\Users\user\AppData\Local\UDNLibBook

2011-09-16 08:53:40 -------- d-s---w- C:\ComboFix

2011-09-09 01:52:46 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-07 12:34:20 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2011-09-07 12:34:11 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-07 12:34:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-07 12:34:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-09-05 10:08:39 -------- d-----w- C:\Program Files\iTunes

2011-09-05 10:08:39 -------- d-----w- C:\Program Files\iPod

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-09-05 10:07:34 -------- d-----w- C:\Program Files\Bonjour

2011-09-05 10:07:34 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-09-05 08:13:50 -------- d-----w- C:\Users\user\AppData\Roaming\Avira

2011-09-05 08:00:02 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-09-05 08:00:01 -------- d-----w- C:\ProgramData\Avira

2011-09-05 08:00:01 -------- d-----w- C:\Program Files (x86)\Avira

2011-09-05 07:46:50 1611 ----a-w- C:\Users\user\mvps.bat

2011-09-05 07:10:35 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2011-09-05 07:10:35 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-09-05 07:10:28 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2011-09-04 22:09:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-04 20:33:37 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-09-04 20:33:37 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-09-04 20:33:37 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-09-04 20:33:12 -------- d-----w- C:\Program Files (x86)\iTunes

2011-09-04 04:20:09 -------- d-----w- C:\Users\user\AppData\Local\2DBoy

2011-09-04 04:20:09 -------- d-----w- C:\ProgramData\2DBoy

2011-09-04 03:30:24 -------- d-----w- C:\ProgramData\Oberon Media

2011-09-04 01:43:58 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Games

2011-09-04 00:33:20 -------- d-----w- C:\Users\user\AppData\Local\Tencent

2011-09-04 00:32:19 -------- d-----w- C:\ProgramData\Tencent

2011-09-04 00:20:47 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe

2011-09-04 00:20:46 61440 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe

2011-09-04 00:20:46 61440 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe

2011-09-04 00:20:46 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe

2011-09-04 00:20:46 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe

2011-09-04 00:20:33 -------- d-----w- C:\Program Files (x86)\Tencent

2011-09-04 00:20:33 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent

2011-09-04 00:19:34 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll

2011-09-04 00:19:34 -------- d-----w- C:\Users\user\AppData\Roaming\Tencent

.

==================== Find3M ====================

.

2011-08-08 08:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 14:17:06 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 03:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 03:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 03:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 03:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 03:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 03:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 03:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 03:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 22:49:53.88 ===============

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7807

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/27/2011 10:18:46 PM

mbam-log-2011-09-27 (22-18-46).txt

Scan type: Full scan (C:\|)

Objects scanned: 324983

Time elapsed: 41 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip


Hello and Welcome to the forum.

Looks like you're running 2 anti-virus programs.

AV: Microsoft Security Essentials

AV: AntiVir

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Please do not delete anything unless instructed to.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

AntiVir

Microsoft Security Essentials

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Reboot and "copy/paste" a new DDS log file into this thread.

Also please describe how your computer behaves at the moment.

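A check a helper could run on the affected machine to confirm the "two anti-virus programs" diagnosis above; this is an added example, not something posted in the thread. It queries Windows Security Center (the root\SecurityCenter2 WMI namespace) for every registered anti-virus product and warns when more than one is present; the productState bit decoding is the commonly used convention rather than a Microsoft-documented format, so treat that part as an assumption.

```powershell
# Added example: enumerate anti-virus products registered with Windows Security Center.
# Assumes Windows Vista or later (root\SecurityCenter2 exists) and PowerShell 3.0+.
function Get-RegisteredAntiVirus {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a DWORD. The widely used (undocumented, assumed) decoding
            # reads it as six hex digits: middle pair 0x10 = real-time protection on,
            # last pair 0x00 = definitions current. DDS prints the same information as
            # "*Enabled/Updated*" / "*Disabled/Updated*" on its AV: lines.
            $hex = '{0:X6}' -f [int]$_.productState
            [pscustomobject]@{
                Name       = $_.displayName
                Path       = $_.pathToSignedProductExe
                State      = "0x$hex"
                RealTimeOn = ($hex.Substring(2, 2) -eq '10')
                UpToDate   = ($hex.Substring(4, 2) -eq '00')
            }
        }
}

$products = @(Get-RegisteredAntiVirus)
$products | Format-Table -AutoSize

# Warn on more than one registered product, not just more than one enabled:
# in the first DDS log above MSE reported "Disabled" yet MsMpEng.exe was still running,
# so a "disabled" second product can still contend for files with the active one.
if ($products.Count -gt 1) {
    Write-Warning ("{0} anti-virus products are registered: {1}. Keep one and uninstall the rest." -f
        $products.Count, ($products.Name -join ', '))
}

$active = @($products | Where-Object RealTimeOn)
if ($active.Count -gt 1) {
    Write-Warning ("{0} products have real-time protection switched on at the same time." -f $active.Count)
}
```

Run it from an elevated PowerShell prompt; on the machine in this thread it should list both AntiVir and Microsoft Security Essentials before the uninstall and only AntiVir afterwards.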

Hi Larry,

Thank you for your reply.

I thought it would be OK if I disabled the antivirus. But I guess not.

It's been an hour since I uninstalled it and rebooted. The system seems OK so far! I am very happy about that!

Here are the DDS logs you requested. Thank you very much!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by user at 22:22:15 on 2011-10-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3949.2062 [GMT 8:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

.

============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
c:\program files (x86)\avira\antivir desktop\avhlp.exe
c:\program files (x86)\avira\antivir desktop\ApnStub.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: Interfaces\{8C54271A-DCE8-425F-AE94-2CCC0905D2CF}\55D223 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Open FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO-X64: ZoneAlarm Security - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: FVD Suite Toolbar: {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.

============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-9-5 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-9-5 269480]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-13 2314240]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 135664]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-12-13 332272]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.

=============== Created Last 30 ================
.
2011-10-03 14:21:47 -------- d-----w- C:\Users\user\AppData\Local\Adobe
2011-10-01 05:49:44 -------- d-----w- C:\Users\user\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-10-01 05:49:44 -------- d-----w- C:\Users\user\AppData\Roaming\Adobe Mini Bridge CS5.1
2011-10-01 03:32:33 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2011-09-19 17:05:11 -------- d-----w- C:\Users\user\AppData\Local\UDNLibBook
2011-09-16 08:53:40 -------- d-s---w- C:\ComboFix
2011-09-09 01:52:46 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-07 12:34:20 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2011-09-07 12:34:11 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-07 12:34:08 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-07 12:34:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 10:08:39 -------- d-----w- C:\Program Files\iTunes
2011-09-05 10:08:39 -------- d-----w- C:\Program Files\iPod
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-05 10:08:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-05 10:07:34 -------- d-----w- C:\Program Files\Bonjour
2011-09-05 10:07:34 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-09-05 08:13:50 -------- d-----w- C:\Users\user\AppData\Roaming\Avira
2011-09-05 08:00:02 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-09-05 08:00:01 -------- d-----w- C:\ProgramData\Avira
2011-09-05 08:00:01 -------- d-----w- C:\Program Files (x86)\Avira
2011-09-05 07:46:50 1611 ----a-w- C:\Users\user\mvps.bat
2011-09-05 07:10:35 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-09-05 07:10:35 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2011-09-05 07:10:28 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-09-04 22:09:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-04 20:33:37 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-09-04 20:33:37 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-09-04 20:33:37 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-09-04 20:33:12 -------- d-----w- C:\Program Files (x86)\iTunes
2011-09-04 04:20:09 -------- d-----w- C:\ProgramData\2DBoy
2011-09-04 03:30:24 -------- d-----w- C:\ProgramData\Oberon Media
2011-09-04 01:43:58 -------- d-----w- C:\Users\user\AppData\Local\Microsoft Games
2011-09-04 00:33:20 -------- d-----w- C:\Users\user\AppData\Local\Tencent
2011-09-04 00:32:19 -------- d-----w- C:\ProgramData\Tencent
2011-09-04 00:20:47 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2011-09-04 00:20:46 61440 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2011-09-04 00:20:46 61440 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2011-09-04 00:20:46 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2011-09-04 00:20:46 106496 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2011-09-04 00:20:33 -------- d-----w- C:\Program Files (x86)\Tencent
2011-09-04 00:20:33 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent
2011-09-04 00:19:34 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2011-09-04 00:19:34 -------- d-----w- C:\Users\user\AppData\Roaming\Tencent
.

==================== Find3M ====================
.
2011-08-08 08:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 14:17:06 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 03:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 03:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 03:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 03:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 03:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 03:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 03:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 03:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 22:23:18.08 ===============

Attach1.zip


Click: Start > All Programs> Accessories

Open Notepad, click on Format and uncheck Word Wrap.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Hi Larry,

Sorry about the word wrap. I should mention that I followed the "I'm infected - What do I do now?" instructions and disabled the CD-ROM emulation software with DeFogger.

The notebook is working ok so far.

I have updated MBAM and the scan shows an adware detection. Here is the log. Thank you!

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7856

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/4/2011 6:02:18 AM

mbam-log-2011-10-04 (06-02-04).txt

Scan type: Full scan (C:\|D:\|Q:\|)

Objects scanned: 345692

Time elapsed: 50 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

d:\must programs for 64bit win7\etc\http__mediadownloadhr_codecs_klite_codec_pack_64bit_510exe.exe (Adware.MediaGet) -> No action taken.

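The MBAM log above reports the Adware.MediaGet file with the disposition "No action taken", which is the point the next question in the thread turns on. As an added example (not from the thread or from Malwarebytes), here is a Python parser for this 1.x log format that extracts each detection with its disposition, cross-checks the summary counts against the detail lines, and flags anything left unremediated; the sample log is constructed from the one quoted above plus a made-up registry entry (placeholder name EXAMPLE) to exercise the registry-value line form.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x scan log and flag detections that were
left in place ("No action taken") instead of being quarantined or deleted."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: header and the Adware.MediaGet line follow the log quoted in
# the thread; the registry-value entry (placeholder EXAMPLE) is made up to exercise
# the "-> Value: ... ->" form MBAM uses for registry data, counts adjusted to match.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7856
Windows 6.1.7601 Service Pack 1
10/4/2011 6:02:18 AM
Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 345692
Time elapsed: 50 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EXAMPLE (Trojan.Agent) -> Value: EXAMPLE -> Quarantined and deleted successfully.

Files Infected:
d:\must programs for 64bit win7\etc\http__mediadownloadhr_codecs_klite_codec_pack_64bit_510exe.exe (Adware.MediaGet) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# Greedy item match: parentheses inside a path such as "(x86)" must not be taken
# for the threat name, which MBAM always places last, just before the arrow.
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\)$")


@dataclass
class Detection:
    category: str  # e.g. "Files Infected"
    item: str      # file path or registry location
    threat: str    # e.g. "Adware.MediaGet"
    action: str    # e.g. "No action taken", "Quarantined and deleted successfully"


def parse_detection(category: str, line: str) -> Optional[Detection]:
    """One detail line: item, optional registry data and action, joined by ' -> '."""
    parts = line.split(" -> ")
    if len(parts) < 2:
        return None
    m = ITEM_RE.match(parts[0])
    if not m:
        return None
    return Detection(category, m["item"], m["threat"], parts[-1].rstrip("."))


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return the per-category summary counts and the individual detections."""
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:  # summary block: "Files Infected: 1"
            summary[m["name"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:  # detail block heading: "Files Infected:"
            section = m["name"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        det = parse_detection(section, line)
        if det is not None:
            detections.append(det)
    return summary, detections


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections the user left in place; each still needs a decision."""
    return [d for d in detections if d.action.lower().startswith("no action taken")]


def summary_matches_detail(summary: Dict[str, int], detections: List[Detection]) -> bool:
    """Summary counts must equal the number of detail lines in every category."""
    counts = Counter(d.category for d in detections)
    return all(summary.get(c, 0) == counts.get(c, 0) for c in set(summary) | set(counts))


if __name__ == "__main__":
    found, dets = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detection(s); summary consistent: {summary_matches_detail(found, dets)}")
    for d in unremediated(dets):
        print(f"NOT REMOVED  {d.threat}  {d.item}")
```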

Good job

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all-clean post:

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Hi Larry,

Thank you for your response.

I did the defogger.

I have Firewall Zonealarm.

I did the IE security settings; all is correct, but I couldn't find "Installation of desktop items". I have IE9, so maybe it's under a different name, or I just missed it.

And does it also cover Chrome settings?

I installed M86 SecureBrowsing; I find it a very useful plugin. Thank you for the tip.

I did Java and Windows Update.

I browsed through the articles you suggested and I will read and follow them in detail later.

But what about the Adware.MediaGet that MBAM picked up? Do you mean the malware could have attached itself to any program, so there is no point in removing it? Sorry, I am a little confused on that part. Please kindly explain. Thank you.
