Jump to content

Need Infection Help !


Recommended Posts

Need help from an Expert.

I had a bug that hid my programs and tried to make me buy their clean up program. Part of the problem has been removed

but I'm still getting redirects, popups and occasional internet radio.

thanks,

John

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/30/2010 10:10:58 AM

System Uptime: 11/11/2011 10:03:07 AM (8 hours ago)

.

Motherboard: Dell Inc. | | 029DYC

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | U2E1 | 929/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 218.912 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP132: 11/7/2011 3:54:38 PM - Scheduled Checkpoint

RP133: 11/9/2011 7:38:50 AM - ComboFix created restore point

RP134: 11/11/2011 12:19:07 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

7-Zip 4.65

aaa

ABBYY FineReader 6.0 Sprint

Adobe AIR

Adobe Reader 9.2

Adobe Shockwave Player 11.5

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Auto Traffic Xploit Keyword Tool

Automotix (remove only)

Bing Bar

CherryPicker

CoffeeCup Free HTML Editor

Compatibility Pack for the 2007 Office system

Content Notifier

Core FTP LE

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

DHTML Editing Component

Directory Submitter 1.0.29

Domain Name Dominator

Domain Samurai

Elite Proxy Switcher 1.10

Facebook iframe Made EZ

Fast Content Producer

Fences

FileZilla Client 3.5.2

Google Chrome

Google Instant Scraper version 1.2

Google Maps Scraper - Demo

GoToAssist 8.0.0.514

GoToMeeting 5.0.0.799

Hot Item Finder

HTML Executable

Instant Blog Feeder Demo v2.01

InstantBannerPRO v2.01

Intel® Graphics Media Accelerator Driver

iolo technologies' System Mechanic

Java Auto Updater

Java 6 Update 22

Jing

Junk Mail filter update

Kcast for Windows 7

Keyword Blueprint 2

Keyword Swarm

Live! Cam Avatar Creator

LoJack Factory Installer

Malwarebytes' Anti-Malware version 1.51.2.1300

Market Samurai

MassArticleCreator

MassArticleSubmitter

Memeo AutoSync

Memeo Instant Backup

Memeo Send

Memeo Share

Micro Niche Finder 5.0

Microsoft adCenter Desktop

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Mozilla Firefox 8.0 (x86 en-US)

MPT Domain Tool 1.0

MPT Keyword Tool 1.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OpenOffice.org 3.3

PowerDVD DX

PromoSoft 1.81

Proxy Scraper

QuickTime

Roxio Burn

Seagate Dashboard

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2584066)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

SEO Link Robot

SEO SpyGlass

SEO TrackBacks Suite

Setup1

Sick Submitter

Skype Click to Call

Skype™ 5.5

SocialBot

Speed Typing

Spelling Dictionaries Support For Adobe Reader 9

Spin Writer Pro version 1.6

Submitter

TextPad 5

TheBestSpinner

TimeLeft

Traffic Equalizer

Ultimate Diamond Backlinks

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2583935)

VIPRE Antivirus

Viral Article Publisher

Web CEO 8.1

WEB20Bot

Website Indexer

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wondershare PPT2Video Pro 6.1.10

Word Wizard

Xara Xtreme 5

Xara Xtreme Pro 5

XHeader

XMind

Your Local Shortcut

.

==== Event Viewer Messages From Past Week ========

.

11/8/2011 9:53:40 PM, Error: Service Control Manager [7022] - The iolo System Service service hung on starting.

11/8/2011 10:20:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

11/8/2011 10:20:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/6/2011 6:30:46 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/6/2011 2:20:03 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/11/2011 6:23:21 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

11/11/2011 12:57:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/11/2011 12:54:05 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/11/2011 10:07:02 AM, Error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: Access is denied.

11/10/2011 7:12:51 AM, Error: Service Control Manager [7034] - The lxeb_device service terminated unexpectedly. It has done this 1 time(s).

11/10/2011 4:54:34 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SftService service.

11/10/2011 1:59:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/10/2011 1:59:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/10/2011 1:59:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/10/2011 1:59:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/10/2011 1:59:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

11/10/2011 1:59:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk spldr Wanarpv6

11/10/2011 1:22:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

11/10/2011 1:08:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by John at 18:32:34 on 2011-11-11

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.1344 [GMT -8:00]

.

AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe

C:\Windows\system32\lxebcoms.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyServer = 171.66.3.181:3128

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [speed Typing] "C:\Program Files (x86)\Invention Pilot\Speed Typing\STyping.exe"

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent

mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"

mRun: [FAStartup]

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TimeLeft.lnk - C:\Program Files (x86)\TimeLeft3\TimeLeft.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\John\AppData\Local\Temp\_uninst_.bat

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\5534448435D27455543545 : DhcpNameServer = 68.87.76.182 68.87.78.134 8.8.8.8

TCP: Interfaces\{825E93D2-38BE-4C33-BDC1-753D8A9F7F60}\564646F6E6E616 : DhcpNameServer = 192.168.1.2 68.94.156.1 68.94.157.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: FAIESSO Helper Object - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent

mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"

mRun-x64: [FAStartup]

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1lze15yw.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - prefs.js: network.proxy.http - 211.222.202.109

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.ssl - 72.44.82.146

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720]

R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-4-30 89600]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-2-22 2409800]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-8-25 722616]

R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]

R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-5-9 45736]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]

R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]

R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-9-6 2804280]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-9-6 181584]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-20 1692480]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-11-11 23:22:38 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-11 21:32:56 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-11 20:17:06 -------- d-----w- C:\ComboFix

2011-11-10 01:29:35 -------- d-----w- C:\Users\John\AppData\Roaming\YourLocalShorcut

2011-11-10 01:29:30 -------- d-----w- C:\Program Files (x86)\ Your Local Shortcut

2011-11-09 15:38:13 98816 ----a-w- C:\Windows\sed.exe

2011-11-09 15:38:13 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-09 15:38:13 256000 ----a-w- C:\Windows\PEV.exe

2011-11-09 15:38:13 208896 ----a-w- C:\Windows\MBR.exe

2011-11-09 04:23:51 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-11-04 20:46:04 -------- d-----w- C:\Program Files (x86)\Market Samurai

2011-10-28 04:38:08 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-10-28 04:38:08 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-10-28 04:38:08 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-10-25 18:38:07 -------- d-----w- C:\Program Files (x86)\KeywordBlueprint2

2011-10-24 02:23:53 -------- d-----w- C:\Program Files (x86)\Aruhat Technologies Pvt. Ltd

2011-10-22 01:05:11 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-10-22 01:04:48 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-10-22 01:04:19 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-10-21 19:34:27 -------- d-----w- C:\Users\John\AppData\Local\{2865715D-57F6-4183-B334-D5D5F0DCC203}

2011-10-21 19:34:15 -------- d-----w- C:\Users\John\AppData\Local\{B9AAC002-5CE9-4226-81BA-E62FCBA3D5E3}

2011-10-19 16:50:17 -------- d-----w- C:\Users\John\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1

2011-10-14 14:40:33 -------- d-----w- C:\Users\John\AppData\Local\{62C2AE11-9588-4AB3-9A6F-FE6F66095388}

2011-10-14 13:23:24 -------- d-----w- C:\Users\John\AppData\Local\{2D588960-01EB-4D40-8DA7-035C971A51E6}

2011-10-14 13:22:08 -------- d-----w- C:\Users\John\AppData\Local\{B53D1843-D3DF-45B0-852A-EDC4214FF009}

2011-10-14 13:21:56 -------- d-----w- C:\Users\John\AppData\Local\{4C6DD6EB-B4AB-4F69-902F-F716F600B91B}

2011-10-14 07:09:56 -------- d-----w- C:\Users\John\AppData\Local\{4DB9D253-8ED7-4FE4-A69B-7DC00E3B8DAE}

.

==================== Find3M ====================

.

2011-10-28 04:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-06 19:30:48 45904 ----a-w- C:\Windows\SysWow64\sbbd.exe

2011-09-06 19:30:48 45904 ----a-w- C:\Windows\System32\sbbd.exe

2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys

2011-08-30 00:36:34 71256 ----a-w- C:\Windows\System32\drivers\sbapifs.sys

2011-08-30 00:36:34 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

2011-08-30 00:36:34 101720 ----a-w- C:\Windows\SysWow64\drivers\SBREDrv.sys

2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

.

============= FINISH: 18:40:55.47 ===============

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.