Jump to content

My Virus Woes


Recommended Posts

I picked up one of those scamware viruses that makes you think you've got something wrong with your computer and when you click "fix it" (which I apparently did) you install the scamware that presents you with the option to buy the $40 fix.

As instructed, I'm pasting and attaching the appropriate logs. Any help would be greatly appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22

Run by Michael at 19:53:17 on 2011-10-13

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.6142.2798 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe

C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\mobsync.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

uRun: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"

mRun: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [<NO NAME>]

mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta

IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta

IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{57EB62FF-F477-4816-80F0-74649375D44B} : DhcpNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - C:\Program Files (x86)\Eudora\EuShlExt.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

mRun-x64: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"

mRun-x64: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE"

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [basicsmssmenu] "C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [(Default)]

mRun-x64: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe

SEH-X64: Eudora's Shell Extension: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files (x86)\Eudora\EuShlExt.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qhnjww6i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wordtracker

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=

FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qhnjww6i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qhnjww6i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qhnjww6i.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\qhnjww6i.default\extensions\support@ancestry.com\plugins\npImgCtl.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast, );user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2010-10-25 126792]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/05 19:36:19];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]

R2 AntiVirFirewallService;Avira FireWall;C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2010-10-25 567464]

R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-10-25 340136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-24 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-24 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2010-10-25 428200]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-9-14 21880]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-11-27 192512]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-19 366152]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-9-30 1403200]

R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-24 11856]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-4 93184]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-13 02:46:01 -------- d-----w- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com

2011-10-13 02:45:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-10-13 02:45:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-10-11 22:08:05 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer

2011-10-03 18:49:20 -------- d-----w- C:\Users\Michael\AppData\Roaming\HpUpdate

2011-10-03 18:49:08 -------- d-----w- C:\Windows\Hewlett-Packard

2011-09-27 15:08:41 -------- d-----w- C:\Program Files (x86)\TweetDeck

.

==================== Find3M ====================

.

2011-10-13 20:27:37 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys

2011-10-13 16:48:38 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys

2011-10-06 01:14:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-21 01:50:38 6918144 ----a-w- C:\Users\Michael\PCPE_3.0.msi

.

============= FINISH: 19:55:44.54 ===============

00:50:05 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 49748, Process: javaw.exe)

01:50:09 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 50199, Process: javaw.exe)

01:50:09 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 50200, Process: javaw.exe)

02:50:05 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 50413, Process: javaw.exe)

03:50:11 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 50663, Process: javaw.exe)

04:50:12 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 50907, Process: javaw.exe)

05:50:05 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51174, Process: javaw.exe)

05:50:05 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51175, Process: javaw.exe)

06:50:12 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51437, Process: javaw.exe)

06:50:12 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51438, Process: javaw.exe)

07:50:19 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51773, Process: javaw.exe)

07:50:19 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 51774, Process: javaw.exe)

07:58:13 Michael IP-BLOCK 85.92.159.4 (Type: outgoing, Port: 51862, Process: thunderbird.exe)

08:09:36 Michael IP-BLOCK 85.92.159.4 (Type: outgoing, Port: 52065, Process: thunderbird.exe)

08:09:37 Michael IP-BLOCK 85.92.159.6 (Type: outgoing, Port: 52068, Process: thunderbird.exe)

08:09:37 Michael IP-BLOCK 85.92.159.6 (Type: outgoing, Port: 52069, Process: thunderbird.exe)

08:09:45 Michael IP-BLOCK 85.92.159.6 (Type: outgoing, Port: 52074, Process: firefox.exe)

08:50:11 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 52572, Process: javaw.exe)

09:35:02 Michael IP-BLOCK 91.228.132.56 (Type: outgoing, Port: 53906, Process: firefox.exe)

09:50:16 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 54871, Process: javaw.exe)

09:50:16 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 54872, Process: javaw.exe)

10:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 55968, Process: javaw.exe)

10:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 55969, Process: javaw.exe)

11:50:17 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 56916, Process: javaw.exe)

12:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 57585, Process: javaw.exe)

12:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 57586, Process: javaw.exe)

13:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 59593, Process: javaw.exe)

14:50:20 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 61550, Process: javaw.exe)

15:50:19 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 62837, Process: javaw.exe)

15:50:19 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 62838, Process: javaw.exe)

16:50:13 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 64063, Process: javaw.exe)

16:50:13 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 64064, Process: javaw.exe)

17:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 65265, Process: javaw.exe)

17:50:15 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 65266, Process: javaw.exe)

18:50:20 Michael IP-BLOCK 208.94.234.156 (Type: outgoing, Port: 49570, Process: javaw.exe)

19:52:30 Michael MESSAGE Protection started successfully

19:52:34 Michael MESSAGE IP Protection started successfully

I think I got everything, is there's anything else I need to do, please let me know.

Thanks

Michael

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.