Tech Support Forum - Inactive Malware Help Topics

Tech Support Forum - Inactive Malware Help Topics http://www.techsupportforum.com/forums/ en Thu, 17 May 2012 07:33:29 GMT vBulletin 60 http://cdn.techsupportforum.com/forums/images/sk/misc/rss.jpg Tech Support Forum - Inactive Malware Help Topics http://www.techsupportforum.com/forums/ THIS VIRUS DOES NOT WANT TO LEAVE http://www.techsupportforum.com/forums/f284/this-virus-does-not-want-to-leave-644525.html Tue, 08 May 2012 22:41:52 GMT Hello Everyone, I was redirected here after I posted for help under the Software part of this forum. My problem is, a popup of (My Computer and My Document) appears on its own immediately I boot my laptop. It is a Gateway LT21 series. I followed the NEW INSTRUCTIONS that led me... Hello Everyone,
I was redirected here after I posted for help under the Software part of this forum. My problem is, a popup of (My Computer and My Document) appears on its own immediately I boot my laptop. It is a Gateway LT21 series. I followed the NEW INSTRUCTIONS that led me to re-post my problem here together with some information. I successfully finished the scan. Here is the DDS log below. Please find also the attached file. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by MILDRED at 19:06:54 on 2012-05-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1013.484 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Softonic Helper Object: {e87806b5-e908-45fd-af5e-957d83e58e68} - c:\program files\softonic\softonic\1.5.21.0\bh\Softonic.dll
TB: Softonic Toolbar: {5018cfd2-804d-4c99-9f81-25eaea2769de} - c:\program files\softonic\softonic\1.5.21.0\SoftonicTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [USB Security] c:\program files\usb disk security\USBGuard.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{14DE6D2C-5625-485A-95CB-FB8E29D00A2E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2B715C5-9C6D-4B30-9901-7D01CE8A34F8} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mildred\appdata\roaming\mozilla\firefox\profiles\08zf2fpy.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-1 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-1 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-1 136176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-2 1343400]
.
=============== Created Last 30 ================
.
2012-05-08 14:53:40 -------- d-----w- c:\windows\system32\appmgmt
2012-05-06 22:21:55 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa742164-e51a-4903-aae6-3209569ac0f2}\offreg.dll
2012-05-06 21:05:37 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-05-06 20:48:00 2101760 ----a-w- c:\windows\system32\drivers\athr.sys
2012-05-06 20:47:59 64672 ----a-w- c:\windows\system32\athihvui.dll
2012-05-06 20:47:59 400544 ----a-w- c:\windows\system32\athihvs.dll
2012-05-06 20:47:59 -------- d-----w- c:\windows\system32\nn-NO
2012-05-06 20:16:08 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2012-05-06 20:16:08 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-05-06 20:11:09 -------- d-----w- c:\windows\PCHEALTH
2012-05-06 20:10:34 -------- d-----w- c:\users\mildred\appdata\local\Adobe
2012-05-06 20:08:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-05-06 20:06:53 -------- d-----w- c:\users\mildred\appdata\local\Microsoft Help
2012-05-06 20:04:15 -------- d-----w- c:\users\mildred\appdata\roaming\Zbshareware Lab
2012-05-06 20:04:15 -------- d-----w- c:\programdata\Zbshareware Lab
2012-05-06 19:59:07 -------- d-----w- c:\program files\PowerISO
2012-05-06 19:54:56 -------- d-----w- c:\program files\USB Disk Security
2012-05-02 07:52:12 -------- d-----w- c:\windows\system32\Wat
2012-05-02 07:30:29 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-05-02 02:30:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-02 02:30:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-02 02:30:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-05-02 02:30:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-02 02:30:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-05-02 02:06:23 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-02 02:06:23 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-02 02:06:23 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-02 02:06:23 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-02 02:02:00 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-05-02 02:02:00 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-05-02 02:01:19 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 02:01:18 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 02:01:04 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-05-01 23:22:41 -------- d-----w- c:\program files\Softonic
2012-05-01 23:21:37 -------- d-----w- c:\program files\VideoLAN
2012-05-01 23:14:33 1227776 ----a-w- c:\windows\system32\athr.sys
2012-05-01 23:14:33 -------- d-----w- c:\windows\Options
2012-05-01 23:14:33 -------- d-----w- c:\program files\Atheros
2012-05-01 23:13:51 -------- d-----w- c:\programdata\Atheros
2012-05-01 23:02:37 1006104 ----a-w- c:\windows\system32\igxpun.exe
2012-05-01 23:02:37 -------- d-----w- c:\windows\system32\x64
2012-05-01 22:56:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-01 22:48:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-01 22:48:44 292864 ----a-w- c:\windows\system32\apphelp.dll
2012-05-01 22:48:43 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-01 22:47:58 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-01 22:43:49 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-05-01 22:42:50 749056 ----a-w- c:\windows\system32\schedsvc.dll
2012-05-01 22:41:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-01 22:40:57 2690560 ----a-w- c:\windows\system32\mstscax.dll
2012-05-01 22:38:22 204288 ----a-w- c:\windows\system32\upnp.dll
2012-05-01 22:37:45 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-05-01 22:37:44 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-01 22:37:20 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2012-05-01 22:37:19 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-05-01 22:37:17 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-01 22:07:23 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa742164-e51a-4903-aae6-3209569ac0f2}\mpengine.dll
2012-05-01 22:07:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-01 21:59:03 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-05-01 21:59:03 3181568 ----a-w- c:\windows\system32\mf.dll
2012-05-01 21:59:03 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-01 21:59:03 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-01 21:59:03 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-01 21:59:03 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-01 21:55:21 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-01 21:55:21 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-01 21:55:21 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 21:55:20 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-01 21:55:19 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-01 21:55:19 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-01 21:54:29 132608 ----a-w- c:\windows\system32\cabview.dll
2012-05-01 21:54:02 -------- d-sh--w- c:\windows\Installer
2012-05-01 21:53:44 -------- d-----w- c:\users\mildred\appdata\local\Google
2012-05-01 21:53:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 21:53:29 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 21:50:06 -------- d-----w- c:\windows\system32\wbem\Performance
2012-04-28 21:38:14 -------- d-----w- c:\windows\Panther
2012-04-28 12:47:21 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-05-06 21:05:37 13824 ----a-w- c:\windows\system32\slwga.dll
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 19:08:15.42 ===============

Attached Files

Attach.zip (2.0 KB)

]]> Inactive Malware Help Topics skratchet http://www.techsupportforum.com/forums/f284/this-virus-does-not-want-to-leave-644525.html Can no longer connect to internet. http://www.techsupportforum.com/forums/f284/can-no-longer-connect-to-internet-644408.html Tue, 08 May 2012 11:00:42 GMT Yesterday i got a virus. I was looking up some things on wiki when a flash installer popped up. Im usually quite good at knowing when i have a virus but this looked authentic. I had no random popups or anything weird so i let the installer do its thing. After it was done it removed everything... Yesterday i got a virus.

I was looking up some things on wiki when a flash installer popped up. Im usually quite good at knowing when i have a virus but this looked authentic. I had no random popups or anything weird so i let the installer do its thing.

After it was done it removed everything from my desktop and put me on a page about the metropolitan police, paying money to unlock my pc blah blah.
I knew straight away this was utter crap so i restarted the pc and ran spybot S&D, it found some stuff removed it and asked for a restart.

Upon restart windows wouldn't launch and asked for revert to last known working instance, i did. It put me to the point where the flash installer kept popping up.

I got bit defender, it installed and as soon as it was done installing my internet knocked out. it ran a scan and removed a couple trojan viruses.

after finishing i ran a troubleshoot on my connection problem it popped up saying "windows can't communicate with the device or resource (primary dns)" so i started up my lap top (what im using now) it wouldn't connect to my router.

I unplugged it and now i can connect.

After doing some research i reset the dns with cmd and some various other commands, (ipv4 , ipv6) but still my desktop wont connect.
I reset the router to factory settings and still nothing.

I cant connect to anything at all with my desktop, skype, steam, firefox, ventrilo. Nothing.

Usually id wipe the HD but i really don't want to lose everything so fixing it my only choice.
Any help will be appreciated. ]]> Inactive Malware Help Topics chudy181 http://www.techsupportforum.com/forums/f284/can-no-longer-connect-to-internet-644408.html my pc flooding websites. its virus ? http://www.techsupportforum.com/forums/f284/my-pc-flooding-websites-its-virus-644075.html Sun, 06 May 2012 12:50:29 GMT hi . Im facing this problem 1 month .

pleease help me

My english is not best i hope u understand .

Am browsing internet with opera 11.62 and opera after 15 min or after 40 min start downloading and uploading lot of data like 1 gb to website where i am [youtube , twiter etc .] and my internet become laggy . Than i go to my firewall comodo and see what happening . My IP downloading and somethimes also uploading to other IP , and that other IP belong to somethimes youtube somethimes twiter or any other website WHICH am currently browsing, so its look like i have VIRUS .

I have also avira free 2012 . I scan my pc with avira , avira boot rescue , nod , kaspersky , spybot antimalware malwarebites or what ever all this programs find nothing .. i have no infection ... also combofix sayd no infection

Its not even opera problem i run opera xfire steam and icq ... after 30 min icq start downloading data or xfire , AM playing teamfortress 2 on steam server and my ping goes from 30 ms to 500 ms , i minimize game and am uploading and downing to valve tf2 server where am currently playing 300 mb . *** !!!

I formated not whole hdd only C: full format . Restore my system image WHICH i create 1 year ago and 1 year ago there was no problem . After 20 min baaam i download 1.3 gig from pcforum i was just reading new threads and i download 1.3 gig ^^ .

so i restore my 2 years old XP image but to other free virus HDD . old 20 gb ATA hdd . still have problem ...

THIS IS UNSOLVABLE PROBLEM . i try everything i scan my pc like15 times .

its not that someone flooding me , I flood internet . pls help :nonono: ]]> Inactive Malware Help Topics techenko http://www.techsupportforum.com/forums/f284/my-pc-flooding-websites-its-virus-644075.html HDD Errors http://www.techsupportforum.com/forums/f284/hdd-errors-643853.html Fri, 04 May 2012 19:42:45 GMT Lately I have been having errors with my HDD, it keeps saying Failure is Predicted. After googling my way around for a possible fix I think it could possibly (hopefully!) be fixable. Anyways, here is the required info for my PC, hope you guys can find something I can't...I am not so computer savvy tbh =(.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Stevo at 11:25:05 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1547 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Games\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Stevo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stevo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Steam] "c:\games\steam\steam.exe" -silent
uRun: [Google Update] "c:\users\stevo\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{CB2528B0-3F15-4F3A-986C-AFD4F033C093} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\stevo\appdata\roaming\mozilla\firefox\profiles\zsmuanu0.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111205&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\stevo\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\stevo\appdata\roaming\mozilla\firefox\profiles\zsmuanu0.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-8 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-8 337880]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-8 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-8 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-8 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-8 21992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-8 8704]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-2-23 86544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot\SDWinSec.exe [2011-7-27 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-17 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-29 1343400]
.
=============== Created Last 30 ================
.
2012-05-04 14:46:55 388096 ----a-r- c:\users\stevo\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-04 14:46:55 -------- d-----w- c:\program files\HJT
2012-05-04 03:41:20 -------- d-----w- c:\program files\FormatFactory
2012-05-04 02:44:37 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-05-04 02:44:35 -------- d-----w- c:\program files\AMD
2012-05-04 02:44:33 -------- d-----w- c:\users\stevo\appdata\local\Downloaded Installations
2012-05-04 02:11:50 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3c1575b0-449a-4fc0-8232-9e465a2ac91d}\mpengine.dll
2012-05-03 23:10:53 -------- d-----w- c:\program files\BitPim
2012-04-25 21:19:47 -------- d-----w- c:\program files\AMD AVT
2012-04-25 21:19:35 -------- d-----w- c:\program files\AMD APP
2012-04-22 15:19:22 -------- d-----w- c:\programdata\Battle.net
2012-04-11 21:40:29 -------- d-----w- c:\users\stevo\appdata\roaming\Hard Disk Sentinel
2012-04-11 21:40:04 -------- d-----w- c:\program files\Hard Disk Sentinel
2012-04-11 20:32:01 -------- d-----w- c:\users\stevo\appdata\local\Google
2012-04-11 07:03:49 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 07:03:49 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 07:03:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 07:03:49 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 07:02:52 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 07:02:50 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 00:57:45 -------- d-----w- c:\programdata\UAB
2012-04-09 00:57:43 -------- d-----w- c:\users\stevo\appdata\local\PC_Drivers_Headquarters
2012-04-09 00:57:31 -------- d-----w- c:\programdata\Driver Tool
2012-04-09 00:56:05 -------- d-----w- c:\program files\Driver Tool
2012-04-09 00:49:49 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-04-09 00:49:49 -------- d-----w- c:\program files\CPUID
2012-04-08 20:47:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-08 20:47:07 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-08 20:46:38 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-08 20:44:56 41184 ----a-w- c:\windows\avastSS.scr
2012-04-08 20:38:27 -------- d-----w- c:\program files\HD Tune
2012-04-08 20:15:34 -------- d-----w- c:\programdata\AVAST Software
2012-04-08 20:15:33 -------- d-----w- c:\program files\AVAST Software
2012-04-08 20:09:50 -------- d-----w- c:\program files\CCleaner
2012-04-08 20:09:04 -------- d-----w- c:\program files\DiskCheckup
2012-04-08 18:59:17 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-06 05:21:10 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34:22 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34:04 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-06 02:33:52 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-06 02:32:56 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-06 02:22:00 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:16:52 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16:24 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15:50 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14:36 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14:28 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 01:50:56 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34:50 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:30:14 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30:06 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25:30 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:11:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11:04 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10:52 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10:22 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:02 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- c:\windows\system32\amdpcom32.dll
.
==================== Find3M ====================
.
2012-04-13 22:34:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 16:17:09 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-06 02:21:52 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:13:42 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00:08 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:34:04 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:22:54 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:09:48 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09:34 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-03-09 18:06:14 24576 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 12:31:58 86544 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:03:38 48128 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
.
============= FINISH: 11:26:37.89 ===============

Also I do have access to my Windows 7 disc.

Attached Files

Attach.zip (3.0 KB)

]]> Inactive Malware Help Topics hobbes322 http://www.techsupportforum.com/forums/f284/hdd-errors-643853.html I-play Search engine REMOVAL http://www.techsupportforum.com/forums/f284/i-play-search-engine-removal-643590.html Thu, 03 May 2012 05:05:20 GMT I honestly don't even know how this I-play game thing got on my hp lap-top. I believe i'm running windows. Please help rid of this I-Play ]]> Inactive Malware Help Topics belleluvluv http://www.techsupportforum.com/forums/f284/i-play-search-engine-removal-643590.html Anyone have a clue what these are? http://www.techsupportforum.com/forums/f284/anyone-have-a-clue-what-these-are-643526.html Wed, 02 May 2012 20:29:53 GMT I found these doing a search on processes which start up at boot. Many of them are in Kanji... Image: http://i47.photobucket.com/albums/f164/grumpops/Whatsthis.jpg I found these doing a search on processes which start up at boot.
Many of them are in Kanji...

]]> Inactive Malware Help Topics grumpops http://www.techsupportforum.com/forums/f284/anyone-have-a-clue-what-these-are-643526.html win32/small.ca virus http://www.techsupportforum.com/forums/f284/win32-small-ca-virus-643511.html Wed, 02 May 2012 18:06:31 GMT This morning when I logged onto my computer, i got a message from windows defender saying that my computer was infected with a virus called win32/small.ca. I am also unable to open many of the programs i have on my computer. i click on the desktop icon and am sent to Adobe Lightroom. I have... This morning when I logged onto my computer, i got a message from windows defender saying that my computer was infected with a virus called win32/small.ca. I am also unable to open many of the programs i have on my computer. i click on the desktop icon and am sent to Adobe Lightroom. I have tried accessing the programs from program folders but it still get sent to Lightroom.

Here's the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ornmadee at 11:18:19 on 2012-05-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1936 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Codecv Class: {81c43c4f-6052-4731-9cbd-06e2de6767b7} - c:\programdata\codecv\bhoclass.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\5.2.1.3\coIEPlg.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\skype.lnk - c:\windows\installer\{9c538746-c2dc-40fc-b1fb-d4ea7966abeb}\SkypeIcon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{9A41B2DC-90C9-4085-85F0-42539711E946} : DhcpNameServer = 10.8.8.238 10.8.8.237
TCP: Interfaces\{9A41B2DC-90C9-4085-85F0-42539711E946}\2656C6B696E6534376 : DhcpNameServer = 69.57.56.2 69.57.57.2
TCP: Interfaces\{9A41B2DC-90C9-4085-85F0-42539711E946}\741697027556E646121212 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9A41B2DC-90C9-4085-85F0-42539711E946}\741697027556E64612121212 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9A41B2DC-90C9-4085-85F0-42539711E946}\C696E6B6379737 : DhcpNameServer = 75.153.176.1 75.153.176.9
TCP: Interfaces\{A0018A01-D9C9-4549-A949-8DE749E77E44} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ornmadee\appdata\roaming\mozilla\firefox\profiles\ktp4b492.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyyoiIoen&&i=26&search=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ornmadee\appdata\local\facebook\messenger\2.0.4478.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\ornmadee\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100888
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8297027a000000000000701a0471f69b
FF - user.js: extensions.BabylonToolbar_i.hardId - 8297027a000000000000701a0471f69b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15354
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:21:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyyoiIoen&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 8297027a000000000000701a0471f69b
FF - user.js: extensions.incredibar_i.instlDay - 15439
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:51:02
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyyoiIoen
FF - user.js: extensions.incredibar_i.upn2n - 92261212925188635
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 15%5F2
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - 8297027a000000000000701a0471f69b
FF - user.js: extensions.funmoods_i.instlDay - 15460
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:41:06
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-4-4 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-4-4 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-19 821880]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120501.001\IDSvix86.sys [2012-5-1 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-4-4 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502010.003\symnets.sys [2012-4-4 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\5.2.1.3\ccsvchst.exe [2012-4-4 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-5 106104]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2011-2-2 7168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-30 136176]
S2 ScanQuery Service;ScanQuery Service;"c:\programdata\scanquery\scanquery123.exe" "c:\program files\scanquery\scanquery.dll" bawacecob ayanonowon --> c:\programdata\scanquery\scanquery123.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-30 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-11 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-31 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-05-01 23:48:29 -------- d-----w- c:\users\ornmadee\appdata\local\{65D398AA-EA51-45A5-A19C-79F589679AF9}
2012-05-01 23:48:18 -------- d-----w- c:\users\ornmadee\appdata\local\{124123C6-1FBF-4539-8703-B33925EA28FC}
2012-05-01 23:31:21 -------- dc----w- c:\program files\uTorrent
2012-05-01 23:31:07 -------- d-----w- c:\users\ornmadee\appdata\roaming\uTorrent
2012-05-01 22:49:43 -------- d-----w- c:\users\ornmadee\appdata\local\{DAF3A075-BF7C-4729-A554-1FE872ABEEBD}
2012-05-01 22:49:31 -------- d-----w- c:\users\ornmadee\appdata\local\{D96E2CAD-6085-4796-8BC0-38C1627DC026}
2012-05-01 19:47:03 -------- d-----w- c:\users\ornmadee\appdata\local\{7900340A-43EB-4FC5-A16A-64F710F4D4FC}
2012-05-01 19:46:43 -------- d-----w- c:\users\ornmadee\appdata\local\{AA383651-65D0-45AA-AFDE-107244EE992E}
2012-05-01 18:07:12 -------- d-----w- c:\users\ornmadee\appdata\local\{F7F75538-CD9B-4022-9F97-2C9F21796BF4}
2012-05-01 18:06:52 -------- d-----w- c:\users\ornmadee\appdata\local\{6BF59304-229D-470A-86B8-FCF857F51F71}
2012-05-01 02:46:53 -------- d-----w- c:\users\ornmadee\appdata\local\{862698CE-9A6C-4764-8A1C-E029AA940FB4}
2012-05-01 02:46:39 -------- d-----w- c:\users\ornmadee\appdata\local\{CBA06D55-E634-4E7E-AB7B-ECDCE39589E6}
2012-04-30 22:51:40 -------- d-----w- c:\users\ornmadee\appdata\local\{DAB6795C-7AC2-43AB-958B-2CDADD3FCEEC}
2012-04-30 22:51:27 -------- d-----w- c:\users\ornmadee\appdata\local\{AF59BA1D-8C99-4B3C-BE3A-57E2F11ED15F}
2012-04-30 20:56:02 -------- d-----w- c:\users\ornmadee\appdata\local\{2EDB9019-3ABB-4134-B621-178294DD185F}
2012-04-30 20:55:42 -------- d-----w- c:\users\ornmadee\appdata\local\{2F8C0548-F58E-4BC7-B676-CD907889CC6E}
2012-04-30 19:58:43 -------- d-----w- c:\users\ornmadee\appdata\local\{0775D4F5-3F9C-4489-9E2F-F778570AD202}
2012-04-30 19:58:33 -------- d-----w- c:\users\ornmadee\appdata\local\{D6AADFD1-0FD8-425E-904A-6DDBA2DAE86C}
2012-04-30 17:45:30 -------- d-----w- c:\users\ornmadee\appdata\local\{91ACCFE7-9D31-470B-AF1D-C1EEE3C95705}
2012-04-30 17:45:08 -------- d-----w- c:\users\ornmadee\appdata\local\{799EA360-11AB-4E7A-8FBE-3DA308A1A673}
2012-04-30 17:10:15 -------- d-----w- c:\users\ornmadee\appdata\local\{C4AF8748-3703-4EBE-A2F3-64F827435B08}
2012-04-30 02:13:36 -------- d-----w- c:\users\ornmadee\appdata\local\{31AE90E0-8111-45C4-9D90-17871CCFBDBA}
2012-04-30 02:13:23 -------- d-----w- c:\users\ornmadee\appdata\local\{2B9C6A44-8661-4906-A044-054E16CB1EDF}
2012-04-30 00:54:36 -------- d-----w- c:\users\ornmadee\appdata\roaming\SystemUpdaterApp
2012-04-30 00:48:35 -------- d-----w- c:\users\ornmadee\appdata\local\qBittorrent
2012-04-30 00:48:34 -------- d-----w- c:\users\ornmadee\appdata\roaming\qBittorrent
2012-04-30 00:46:25 -------- dc----w- c:\program files\OApps
2012-04-30 00:45:58 -------- dc----w- c:\program files\intellidownload
2012-04-30 00:41:40 -------- d-----w- c:\programdata\Tarma Installer
2012-04-29 21:40:34 -------- d-----w- c:\users\ornmadee\appdata\local\{41F390A1-4262-42AC-887F-8D31CC98C168}
2012-04-29 21:40:20 -------- d-----w- c:\users\ornmadee\appdata\local\{8AFCA3D1-F99E-4C76-9FC1-822B5778B42F}
2012-04-29 16:55:26 -------- d-----w- c:\users\ornmadee\appdata\local\{CAAC1043-3B80-47A7-B076-C843CD33DE98}
2012-04-29 16:55:14 -------- d-----w- c:\users\ornmadee\appdata\local\{3D2436DB-3F3F-4B7B-9457-C4065B2F1236}
2012-04-29 16:43:11 -------- d-----w- c:\users\ornmadee\appdata\local\{8CF2CC25-E0D3-469C-ABB0-D1F981B5FB6F}
2012-04-29 16:42:59 -------- d-----w- c:\users\ornmadee\appdata\local\{60D0EEE5-6A7E-4E53-9938-7A587E9AC1BB}
2012-04-29 16:14:22 -------- d-----w- c:\users\ornmadee\appdata\local\{1AF9A681-6691-41D3-9EE0-D041A5DCC16F}
2012-04-29 16:14:10 -------- d-----w- c:\users\ornmadee\appdata\local\{AE9A6722-1E55-4E03-BA8E-8362F353CB05}
2012-04-29 05:19:23 -------- d-----w- c:\users\ornmadee\appdata\local\{3457EDF7-6B0A-4936-922C-4DA14695116D}
2012-04-29 05:19:08 -------- d-----w- c:\users\ornmadee\appdata\local\{EBC2DEE6-9902-4380-AF74-43F6CF6F17AA}
2012-04-28 15:37:49 -------- d-----w- c:\users\ornmadee\appdata\local\{6D3E2AB7-1B16-4EC3-BEF8-9E1E7375BD03}
2012-04-28 15:37:36 -------- d-----w- c:\users\ornmadee\appdata\local\{B5C7F973-8C17-4FD7-8B47-80613C23BAD3}
2012-04-28 00:39:44 -------- d-----w- c:\users\ornmadee\appdata\local\{48793938-DBB5-4D9C-8D62-961631341922}
2012-04-28 00:39:31 -------- d-----w- c:\users\ornmadee\appdata\local\{5C77043E-06A2-4D69-B3DD-AF0B5973BD42}
2012-04-27 19:59:51 -------- d-----w- c:\users\ornmadee\appdata\local\{A13CB559-CCE6-4B68-8E7B-E72CBE1E82A7}
2012-04-27 19:59:31 -------- d-----w- c:\users\ornmadee\appdata\local\{EC84E17F-8348-4B07-8671-314DB423B128}
2012-04-27 16:40:58 -------- d-----w- c:\users\ornmadee\appdata\local\{8FCEAB29-5C41-4AD0-B003-EC8BBCBC2802}
2012-04-27 16:40:37 -------- d-----w- c:\users\ornmadee\appdata\local\{62C1D96E-268E-4BFF-8538-50C44BB0EB24}
2012-04-27 13:58:56 -------- d-----w- c:\users\ornmadee\appdata\local\{9E205D2B-385D-44F2-9802-3225892C9E93}
2012-04-27 13:58:44 -------- d-----w- c:\users\ornmadee\appdata\local\{1C5019F4-44E0-42D3-962D-E49446A6E2A1}
2012-04-26 16:05:42 -------- d-----w- c:\users\ornmadee\appdata\local\{7EFCECBC-9F92-4AD1-89FD-541E704A1F74}
2012-04-26 16:05:21 -------- d-----w- c:\users\ornmadee\appdata\local\{1079EF49-2E61-48A1-93BF-9B5D546FE27B}
2012-04-26 15:25:18 -------- d-----w- c:\users\ornmadee\appdata\local\{1C3AE374-AAFA-476A-8546-D476FD5C6E46}
2012-04-26 15:24:58 -------- d-----w- c:\users\ornmadee\appdata\local\{A6299306-1DC4-4EEA-AA23-41227D5ECFD9}
2012-04-26 14:04:06 -------- d-----w- c:\users\ornmadee\appdata\local\{74A793C0-F605-4DD5-8E5D-FA87C7F875B0}
2012-04-26 14:03:51 -------- d-----w- c:\users\ornmadee\appdata\local\{461679C0-A4AA-427F-877B-7F90A90F06B3}
2012-04-25 21:00:25 -------- d-----w- c:\users\ornmadee\appdata\local\{59209FDA-1586-41B8-95E1-52A983E9D068}
2012-04-25 21:00:05 -------- d-----w- c:\users\ornmadee\appdata\local\{1832305E-2F85-4640-B238-6A6A18DCFE55}
2012-04-25 16:40:27 -------- d-----w- c:\users\ornmadee\appdata\local\{340B5F29-ABF4-4214-A975-171A55D920D2}
2012-04-25 16:40:07 -------- d-----w- c:\users\ornmadee\appdata\local\{5D6D8620-93B0-41BE-BC7D-CF9140ECD1DE}
2012-04-25 14:22:10 -------- d-----w- c:\users\ornmadee\appdata\local\{8DEF1737-9BDD-4F9A-8752-C41362E8976E}
2012-04-25 14:22:07 -------- d-----w- c:\users\ornmadee\appdata\local\{69D3C682-DDD9-4820-B8FB-B7CC15D9AE38}
2012-04-25 02:18:30 -------- d-----w- c:\users\ornmadee\appdata\local\{D291BAE0-77F6-4A9C-82A0-FA27BC9A0D02}
2012-04-25 02:18:27 -------- d-----w- c:\users\ornmadee\appdata\local\{A50CA0EC-D8CA-463F-A7D7-F6C8CFD0F6CC}
2012-04-24 22:45:12 -------- d-----w- c:\users\ornmadee\appdata\local\{9566A63C-2009-45CD-ADED-82A2E45FD3BD}
2012-04-24 22:45:09 -------- d-----w- c:\users\ornmadee\appdata\local\{8ECA7C9D-7A45-4BC7-8C47-A6BC7609D9F0}
2012-04-24 18:11:52 -------- d-----w- c:\users\ornmadee\appdata\local\{8B817CBE-B697-472D-A168-5BFC657E9975}
2012-04-24 18:11:48 -------- d-----w- c:\users\ornmadee\appdata\local\{45812650-6A8C-4DE6-AC7A-C02AC016CF52}
2012-04-24 18:10:11 -------- d-----w- c:\users\ornmadee\appdata\local\{F8D4E185-B244-450F-A857-6CAF3610A8EF}
2012-04-24 18:10:07 -------- d-----w- c:\users\ornmadee\appdata\local\{50900FEF-3574-44C1-AC85-603C07E2676A}
2012-04-23 02:28:19 -------- d-----w- c:\users\ornmadee\appdata\local\{02A7548E-F19D-48B9-AB50-E9A7C4BFA30A}
2012-04-23 02:28:15 -------- d-----w- c:\users\ornmadee\appdata\local\{5380766E-C888-4D16-B5BF-ED6479277C70}
2012-04-22 15:24:03 -------- d-----w- c:\users\ornmadee\appdata\local\{24B88CE5-4CC3-4D35-9B69-DA8EC56E402E}
2012-04-22 15:23:58 -------- d-----w- c:\users\ornmadee\appdata\local\{5CD83617-DCB1-4608-9DF8-3210EE2C5E3C}
2012-04-22 00:46:11 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-04-21 21:49:06 -------- d-----w- c:\users\ornmadee\appdata\local\{78887A4E-13CB-4FDB-AA5A-512C9E8102BF}
2012-04-21 21:48:58 -------- d-----w- c:\users\ornmadee\appdata\local\{A9540FF5-EDC4-422E-9B77-6866ED6943F8}
2012-04-21 16:59:38 -------- d-----w- c:\users\ornmadee\appdata\local\{592BE848-C1E8-4959-8D51-A5334F94CCFE}
2012-04-21 16:59:33 -------- d-----w- c:\users\ornmadee\appdata\local\{39857602-89FF-4295-80CB-7484C6345DC3}
2012-04-20 21:48:40 -------- d-----w- c:\users\ornmadee\appdata\local\{00713082-B010-42D6-A3A8-C1184F3FE7F0}
2012-04-20 21:48:35 -------- d-----w- c:\users\ornmadee\appdata\local\{DB4E0EA1-89FB-4C49-9B2E-773BB6378956}
2012-04-20 00:46:20 -------- d-----w- c:\users\ornmadee\appdata\local\{70C57038-66F5-41B2-81EA-4377E70DD5F8}
2012-04-20 00:46:17 -------- d-----w- c:\users\ornmadee\appdata\local\{C8B3388E-06BF-40BF-B1FE-EFD52D977B23}
2012-04-19 18:16:47 -------- d-----w- c:\users\ornmadee\appdata\local\{B4435AE3-F579-4BA9-8507-7558EA6BF201}
2012-04-19 15:34:05 -------- d-----w- c:\users\ornmadee\appdata\local\{FA4BAC55-2F36-4C22-8BC6-ECE44CF8879A}
2012-04-19 15:33:45 -------- d-----w- c:\users\ornmadee\appdata\local\{DA5725D9-996C-4248-BB20-D2E7961F8488}
2012-04-19 01:55:49 -------- d-----w- c:\users\ornmadee\appdata\local\{9BE845C5-251C-44F7-B33E-98AA4AECCA5F}
2012-04-19 01:55:34 -------- d-----w- c:\users\ornmadee\appdata\local\{B37C8F20-1891-4A4D-8E4F-41895936A15D}
2012-04-19 01:26:49 -------- d-----w- c:\users\ornmadee\appdata\local\{592E6487-5394-4CFB-BF9D-C2BCFC0770D8}
2012-04-19 01:26:35 -------- d-----w- c:\users\ornmadee\appdata\local\{8A9DA7D5-1788-4343-BD97-3D34EE9F143B}
2012-04-18 20:41:32 -------- d-----w- c:\users\ornmadee\appdata\local\{0203D290-37CB-4BDB-BC26-07B66948B218}
2012-04-18 20:41:12 -------- d-----w- c:\users\ornmadee\appdata\local\{16D20863-1BBC-4EE8-B244-F49F67C7F4FC}
2012-04-18 20:17:15 -------- d-----w- c:\users\ornmadee\appdata\local\{9571B30E-54D9-4DBC-A251-34112B93361E}
2012-04-18 20:16:55 -------- d-----w- c:\users\ornmadee\appdata\local\{4AE42883-05A6-40F4-A8DE-E02B27A58CFA}
2012-04-18 18:03:22 -------- d-----w- c:\users\ornmadee\appdata\local\{2647329C-2CFD-4892-8945-5C46E2EA59DD}
2012-04-18 18:03:01 -------- d-----w- c:\users\ornmadee\appdata\local\{F1E95033-8F55-4898-9A89-9177DDF6E0BD}
2012-04-18 15:20:23 -------- d-----w- c:\users\ornmadee\appdata\local\{EC25DD43-5430-4961-A765-293314D77435}
2012-04-18 15:20:04 -------- d-----w- c:\users\ornmadee\appdata\local\{35FD995A-F5A8-4683-8679-0B3C852C995A}
2012-04-18 13:57:03 -------- d-----w- c:\users\ornmadee\appdata\local\{166DDDD4-C69B-45F1-8F4F-1716DE6AF0A1}
2012-04-18 13:56:50 -------- d-----w- c:\users\ornmadee\appdata\local\{DB0D3982-94F0-4092-B72C-2210B1A04677}
2012-04-18 02:42:30 -------- d-----w- c:\users\ornmadee\appdata\local\{18372F03-BEF5-4038-AAE1-2A100E8E98B7}
2012-04-18 02:42:16 -------- d-----w- c:\users\ornmadee\appdata\local\{20DCFCAF-CA25-46A6-90E1-76AA3080D25C}
2012-04-18 01:28:13 -------- d-----w- c:\users\ornmadee\appdata\local\{49C1EE70-C1CC-44DA-A7B3-7A57564F11C5}
2012-04-18 01:28:00 -------- d-----w- c:\users\ornmadee\appdata\local\{A6FADA53-98B9-4A44-964E-26023E1147EE}
2012-04-17 20:45:30 -------- d-----w- c:\users\ornmadee\appdata\local\{567D2A6C-4764-4948-B561-37FE5CF9EFE5}
2012-04-17 20:45:18 -------- d-----w- c:\users\ornmadee\appdata\local\{ED2FC3CE-3E3E-4DF1-8070-E82C81DB4823}
2012-04-17 20:34:12 -------- d-----w- c:\users\ornmadee\appdata\local\{6BAD204F-1EFF-4BEB-9F81-BCFD66769228}
2012-04-17 20:33:49 -------- d-----w- c:\users\ornmadee\appdata\local\{D358C2DE-E0FC-4EC1-A7EB-4B50D04C44E1}
2012-04-17 19:11:38 -------- d-----w- c:\users\ornmadee\appdata\local\{34BEDB59-0173-494D-BEBB-D66821759B78}
2012-04-17 19:11:27 -------- d-----w- c:\users\ornmadee\appdata\local\{F2446956-E016-4594-86A6-34EE16E89BE4}
2012-04-17 17:04:59 -------- d-----w- c:\users\ornmadee\appdata\local\{E9D54B88-F5E8-42AE-BC38-2816A7728DDB}
2012-04-17 17:04:39 -------- d-----w- c:\users\ornmadee\appdata\local\{3D802334-6864-47CE-8EA4-091AA2B6ECF6}
2012-04-17 15:39:13 -------- d-----w- c:\users\ornmadee\appdata\local\{265F4307-9A76-4A43-A52C-3055F81EFB35}
2012-04-17 15:38:53 -------- d-----w- c:\users\ornmadee\appdata\local\{2F6D3B68-EF93-4131-AC3C-2766E31FA28F}
2012-04-17 14:01:32 -------- d-----w- c:\users\ornmadee\appdata\local\{7437E437-3E6C-44D7-9828-4CA74D0B0F52}
2012-04-17 14:01:17 -------- d-----w- c:\users\ornmadee\appdata\local\{B8D9AC1D-36CC-45E5-9C12-F4A0DB6F0098}
2012-04-16 23:24:06 -------- d-----w- c:\users\ornmadee\appdata\local\{51924071-BB53-4A5B-BF13-8CBE388C29EA}
2012-04-16 23:23:52 -------- d-----w- c:\users\ornmadee\appdata\local\{1EC12E65-FF9C-44CC-9B4B-9D052CE5BE6C}
2012-04-16 16:56:24 -------- d-----w- c:\users\ornmadee\appdata\local\{1A9776BB-8071-40DA-9CE4-34F8566A3187}
2012-04-16 16:56:01 -------- d-----w- c:\users\ornmadee\appdata\local\{0366C164-A574-4053-9957-D04276818337}
2012-04-15 23:55:47 -------- d-----w- c:\users\ornmadee\appdata\local\{6108B5FF-BCEC-48B0-82BE-663B017AFE71}
2012-04-15 23:55:35 -------- d-----w- c:\users\ornmadee\appdata\local\{68E84152-D178-4987-A89A-79D9385DCADC}
2012-04-15 16:26:56 -------- d-----w- c:\users\ornmadee\appdata\local\{CEBCD626-91CB-4675-9EE9-1FC32DD50EB3}
2012-04-15 16:26:43 -------- d-----w- c:\users\ornmadee\appdata\local\{8EC6725B-9177-431D-ADD5-F2FB81D0B161}
2012-04-14 21:25:53 -------- d-----w- c:\users\ornmadee\appdata\local\{3B68E202-3ECA-450D-9F4E-9AB232CF721B}
2012-04-14 21:25:39 -------- d-----w- c:\users\ornmadee\appdata\local\{D016C0B4-6095-416C-A0F5-C8072536341D}
2012-04-14 15:34:18 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 15:34:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 15:34:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 15:34:17 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 15:33:28 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-14 15:33:27 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 00:30:32 -------- d-----w- c:\users\ornmadee\appdata\local\{5DAAA029-F387-4131-8A2A-E04207494748}
2012-04-14 00:30:19 -------- d-----w- c:\users\ornmadee\appdata\local\{F63A886C-0520-4FB5-8A25-977B479CBFB5}
2012-04-13 22:36:31 -------- d-----w- c:\users\ornmadee\appdata\local\{E6820C5A-7814-43C8-B5C0-5B906775BBBD}
2012-04-13 22:36:18 -------- d-----w- c:\users\ornmadee\appdata\local\{4C7ED13E-7ED1-4CA4-B2B1-80C4A5C81694}
2012-04-13 03:43:50 -------- d-----w- c:\users\ornmadee\appdata\local\{C5B395E8-6AAA-4C81-98A3-7F5A98010FF7}
2012-04-13 03:43:39 -------- d-----w- c:\users\ornmadee\appdata\local\{9B117643-6D35-4339-8A5E-880001D647D6}
2012-04-13 02:26:34 -------- d-----w- c:\users\ornmadee\appdata\local\{5319A88A-EC53-4E75-B111-9249632DB486}
2012-04-13 02:26:22 -------- d-----w- c:\users\ornmadee\appdata\local\{758D57D7-6C85-412F-878A-A85958E9AB9E}
2012-04-13 00:49:25 -------- d-----w- c:\users\ornmadee\appdata\local\{968937B1-AE21-4D85-B7C0-1390CF9B37E3}
2012-04-13 00:45:28 -------- d-----w- c:\users\ornmadee\appdata\local\{2CDAB854-9B55-437D-B01F-8FDEA08A0876}
2012-04-12 21:31:04 -------- d-----w- c:\users\ornmadee\appdata\local\{CC26674F-1854-49BF-AE62-D4C690794FC7}
2012-04-12 21:30:53 -------- d-----w- c:\users\ornmadee\appdata\local\{57A537BC-B542-4F0B-87EC-5A7386DBC2EC}
2012-04-12 20:31:22 -------- d-----w- c:\users\ornmadee\appdata\local\{7DB8B044-0911-4911-BDE4-AC522EE7BD20}
2012-04-12 20:31:11 -------- d-----w- c:\users\ornmadee\appdata\local\{4E0F75DC-33BC-435A-9BE1-09C4C0ECDF35}
2012-04-12 18:22:04 -------- d-----w- c:\users\ornmadee\appdata\local\{27B32201-789E-4F8F-8019-DEA2D799C405}
2012-04-12 18:21:53 -------- d-----w- c:\users\ornmadee\appdata\local\{F0F32740-4FBC-4E9A-A05A-8088337B768F}
2012-04-12 16:33:09 -------- d-----w- c:\users\ornmadee\appdata\local\{82CF3EA1-B1A4-40A3-B1DB-A7577118A3FB}
2012-04-12 16:32:57 -------- d-----w- c:\users\ornmadee\appdata\local\{BA48DF92-B2A7-4919-9C2E-7A35A24F2194}
2012-04-12 15:28:26 -------- d-----w- c:\users\ornmadee\appdata\local\{84970998-65B7-4C66-B004-63F3AA621713}
2012-04-12 15:28:15 -------- d-----w- c:\users\ornmadee\appdata\local\{CF6A80F0-1D4B-4157-AB5D-09B9F17B37E0}
2012-04-12 03:56:45 -------- d-----w- c:\users\ornmadee\appdata\local\{185DE91E-606B-46E2-9F8D-8AC099ACFC87}
2012-04-12 03:56:29 -------- d-----w- c:\users\ornmadee\appdata\local\{09EE14FE-4741-4E04-8074-9EEC739408A4}
2012-04-12 00:01:21 -------- d-----w- c:\users\ornmadee\appdata\local\{970E642A-74F8-4CE6-AF34-8E8D7BC47EE5}
2012-04-12 00:01:04 -------- d-----w- c:\users\ornmadee\appdata\local\{E4230657-857E-4D9F-98E9-BB9A595BFBD7}
2012-04-11 20:54:18 -------- d-----w- c:\users\ornmadee\appdata\local\{7C11E12B-9364-4AA6-8D14-390C5A632B58}
2012-04-11 20:54:07 -------- d-----w- c:\users\ornmadee\appdata\local\{1765087A-B942-47C5-A9FB-4520371FB580}
2012-04-11 19:56:08 -------- d-----w- c:\users\ornmadee\appdata\local\{B24180CB-D05A-49A4-B0C4-E64A8B67A030}
2012-04-11 19:55:55 -------- d-----w- c:\users\ornmadee\appdata\local\{0EF40091-41CF-4B1C-9B06-5658BCA81556}
2012-04-11 14:55:12 -------- d-----w- c:\users\ornmadee\appdata\local\{D27DD14C-11FD-4F5D-BC4C-7F0D61DDFB59}
2012-04-11 14:54:59 -------- d-----w- c:\users\ornmadee\appdata\local\{F1902F1C-6D2C-4392-92FA-454915348702}
2012-04-11 14:06:17 -------- d-----w- c:\users\ornmadee\appdata\local\{18BBDA6E-0DB6-4C4D-ACC5-A23668EE3E22}
2012-04-11 14:06:06 -------- d-----w- c:\users\ornmadee\appdata\local\{D32EBED1-F37A-4F2B-9578-688307D74EB3}
2012-04-11 03:33:53 -------- d-----w- c:\users\ornmadee\appdata\local\{4E07A0E9-1AFB-4711-8570-D9416EBCF8A9}
2012-04-11 03:33:41 -------- d-----w- c:\users\ornmadee\appdata\local\{A0FE8197-F632-4942-AC4A-18C91A5BD26D}
2012-04-10 18:33:50 -------- d-----w- c:\users\ornmadee\appdata\local\{56B55C4B-8394-44A2-907B-3474BDCA0BC3}
2012-04-10 18:33:37 -------- d-----w- c:\users\ornmadee\appdata\local\{181D38FC-BBD1-47AD-BE79-2D7CD0EEAC16}
2012-04-10 15:00:11 -------- d-----w- c:\users\ornmadee\appdata\local\{F146342B-A099-4813-A924-3757EC39DB54}
2012-04-10 14:59:59 -------- d-----w- c:\users\ornmadee\appdata\local\{5507AD84-4031-40D3-9AD5-8CD7244014F7}
2012-04-10 01:38:12 -------- d-----w- c:\users\ornmadee\appdata\local\{AECE5843-2ACF-41D5-9CEE-BC01FF5DCFCD}
2012-04-10 01:37:58 -------- d-----w- c:\users\ornmadee\appdata\local\{75EF6264-7F60-4FF5-932F-589538EEE85A}
2012-04-09 23:50:56 -------- dc----w- c:\program files\Incredibar.com
2012-04-09 23:49:59 -------- d-----w- c:\programdata\Codecv
2012-04-09 23:49:44 -------- dc----w- C:\codec-info
2012-04-09 20:06:30 -------- d-----w- c:\users\ornmadee\appdata\local\{59F67D83-F037-4993-B669-B0AB3E78C94F}
2012-04-09 20:06:17 -------- d-----w- c:\users\ornmadee\appdata\local\{FA7F04E5-28D2-4F44-A6CC-1BBC6A1E2176}
2012-04-09 14:43:49 -------- d-----w- c:\users\ornmadee\appdata\local\{0EE02D3A-D4D5-4FE5-B960-073EB811FE39}
2012-04-09 14:43:37 -------- d-----w- c:\users\ornmadee\appdata\local\{CE19DD92-E120-4A26-BCD1-4B1FD353B5AE}
2012-04-09 14:27:04 -------- d-----w- c:\users\ornmadee\appdata\local\{20DFC51D-82B2-4E08-A679-5072759FDBC6}
2012-04-09 14:26:52 -------- d-----w- c:\users\ornmadee\appdata\local\{E3E06822-FCE0-45C5-8FDD-D47F4E15AE61}
2012-04-09 02:17:08 -------- d-----w- c:\users\ornmadee\appdata\local\{BE141C9C-1FE1-4881-8173-317A500646B9}
2012-04-09 02:16:56 -------- d-----w- c:\users\ornmadee\appdata\local\{71E952A1-AF48-456F-8B3D-28471715C7EC}
2012-04-09 00:29:58 -------- d-----w- c:\users\ornmadee\appdata\local\{04C09754-099C-46EE-97E1-C2C464D103E9}
2012-04-09 00:29:43 -------- d-----w- c:\users\ornmadee\appdata\local\{947B5F85-CBE6-4452-A44E-64E5ACEB5D39}
2012-04-08 22:10:52 -------- d-----w- c:\users\ornmadee\appdata\local\{679ED41E-5C56-4E6E-8F90-2D285E0D485A}
2012-04-08 22:10:38 -------- d-----w- c:\users\ornmadee\appdata\local\{016BE9FC-4F0F-4237-9E8B-FE165030FEA7}
2012-04-08 20:34:50 -------- d-----w- c:\users\ornmadee\appdata\local\{C95D3D9E-B9B3-47F3-8BB3-19932C62F855}
2012-04-08 20:34:37 -------- d-----w- c:\users\ornmadee\appdata\local\{6404BCF1-1EF9-4E3B-887F-7B4A360C4E2D}
2012-04-08 02:32:05 -------- d-----w- c:\users\ornmadee\appdata\local\{6DBAE1D6-CF1A-45E5-9253-8C2E19C3C4C0}
2012-04-08 02:31:52 -------- d-----w- c:\users\ornmadee\appdata\local\{8BE9A12F-7A50-4856-B440-9E6C683DFDB9}
2012-04-08 01:42:09 -------- d-----w- c:\users\ornmadee\appdata\local\{7F18729A-7BEA-47AB-9139-B40338646E9F}
2012-04-08 01:41:56 -------- d-----w- c:\users\ornmadee\appdata\local\{6D36F16C-A161-4AB0-8B6B-8F56E37B3118}
2012-04-07 23:10:15 -------- d-----w- c:\users\ornmadee\appdata\local\{919FB66D-50CF-49B6-B984-3852396E9182}
2012-04-07 23:10:03 -------- d-----w- c:\users\ornmadee\appdata\local\{FCBA62EB-771E-48EA-947F-C051D0689606}
2012-04-07 21:38:50 -------- d-----w- c:\users\ornmadee\appdata\local\{80D552AA-7701-4F77-BBA9-E0BD94170BAA}
2012-04-07 21:38:38 -------- d-----w- c:\users\ornmadee\appdata\local\{6A20D707-28EC-4BCD-A7AC-109621E9CAA2}
2012-04-07 11:13:19 -------- d-----w- c:\users\ornmadee\appdata\local\{EEE7DC5C-7E3D-4EF5-97A3-7F7581E7F374}
2012-04-07 11:12:56 -------- d-----w- c:\users\ornmadee\appdata\local\{AB0E73FE-E372-4BE9-9161-69F4170EE904}
2012-04-07 09:27:15 -------- d-----w- c:\users\ornmadee\appdata\local\{91F5BE16-C958-4903-96E5-4802B3B7B9B8}
2012-04-07 09:27:02 -------- d-----w- c:\users\ornmadee\appdata\local\{86B06A62-F032-4784-A24D-0AC1215DE7FB}
2012-04-07 09:25:03 -------- d-----w- c:\users\ornmadee\appdata\local\{94BEDB5C-D381-4EF8-ABD8-F1B73B103CAE}
2012-04-07 09:24:45 -------- d-----w- c:\users\ornmadee\appdata\local\{0DD79021-A60D-447A-AE45-173AD894D233}
2012-04-07 06:25:36 -------- d-----w- c:\users\ornmadee\appdata\local\{BC35865A-C170-41A2-B2CB-09196901CD8F}
2012-04-07 06:25:23 -------- d-----w- c:\users\ornmadee\appdata\local\{C2F439AC-5FBE-4A36-A01C-77C74F064757}
2012-04-07 00:06:15 -------- d-----w- c:\users\ornmadee\appdata\local\{8AE3E518-E877-4263-9DCD-B5DDC0993073}
2012-04-07 00:06:02 -------- d-----w- c:\users\ornmadee\appdata\local\{0AD09DC8-5016-4C02-9698-8D25C1A48394}
2012-04-06 01:34:12 -------- d-----w- c:\users\ornmadee\appdata\local\{210E343C-4736-43EF-B48E-A2BB3D32558C}
2012-04-05 20:57:21 -------- d-----w- c:\users\ornmadee\appdata\local\{4084EA8A-1023-496D-85B1-736806411088}
2012-04-05 20:22:05 -------- d-----w- c:\users\ornmadee\appdata\local\{14592758-E952-43D7-9B5E-8EDFFB21C0ED}
2012-04-05 16:33:32 -------- d-----w- c:\users\ornmadee\appdata\local\{34A0C6BA-3047-4D07-BC02-D7F5D68A61B2}
2012-04-05 15:08:03 -------- d-----w- c:\users\ornmadee\appdata\local\{E1C94C72-ACBF-47AC-A517-31D4CB753CC9}
2012-04-05 14:18:00 -------- d-----w- c:\users\ornmadee\appdata\local\{40753BF2-3C09-4D85-ADD6-2110D7503765}
2012-04-05 14:11:25 -------- d-----w- c:\users\ornmadee\appdata\local\{A76BD751-9EB3-46B0-BD97-86F9C8EA30B7}
2012-04-05 12:55:49 -------- d-----w- c:\users\ornmadee\appdata\local\{10CDC465-FC10-4E91-9E22-AFC932277F3F}
2012-04-05 04:34:14 -------- d-----w- c:\users\ornmadee\appdata\local\{8392FF46-9AE9-4F7D-8E02-92C7599B7DF9}
2012-04-05 04:18:02 -------- d-----w- c:\users\ornmadee\appdata\local\{753C27D9-BBCB-4B5F-852F-49710A76841E}
2012-04-05 03:13:37 -------- d-----w- c:\users\ornmadee\appdata\local\{56F0D4AC-4BB4-4F80-B909-C91ACA5E2A17}
2012-04-04 22:00:54 -------- d-----w- c:\users\ornmadee\appdata\local\{769C56A3-0467-47E9-B924-5D4E369F75A7}
2012-04-04 22:00:42 -------- d-----w- c:\users\ornmadee\appdata\local\{9690F1DF-607A-4907-BE7B-AB2286BA04E6}
2012-04-04 20:54:25 -------- d-----w- c:\users\ornmadee\appdata\local\{6F2F1336-9FF4-46C0-B78E-F6F517765885}
2012-04-04 20:53:58 -------- d-----w- c:\users\ornmadee\appdata\local\{B467C60E-CC02-40D0-9014-0639286FAAB1}
2012-04-04 17:56:57 744568 ----a-r- c:\windows\system32\drivers\n360\0502010.003\symefa.sys
2012-04-04 17:56:57 516216 ----a-r- c:\windows\system32\drivers\n360\0502010.003\srtsp.sys
2012-04-04 17:56:57 50168 ----a-r- c:\windows\system32\drivers\n360\0502010.003\srtspx.sys
2012-04-04 17:56:57 340088 ----a-r- c:\windows\system32\drivers\n360\0502010.003\symds.sys
2012-04-04 17:56:57 299640 ----a-w- c:\windows\system32\drivers\n360\0502010.003\symnets.sys
2012-04-04 17:56:56 136312 ----a-r- c:\windows\system32\drivers\n360\0502010.003\ironx86.sys
2012-04-04 17:56:28 -------- d-----w- c:\windows\system32\drivers\n360\0502010.003
2012-04-04 13:48:02 -------- d-----w- c:\users\ornmadee\appdata\local\{ACB3803E-3A1E-4098-9413-D4E0DA1F0B0E}
2012-04-04 13:47:50 -------- d-----w- c:\users\ornmadee\appdata\local\{7532E294-E89F-4977-953E-F4B7D108224B}
2012-04-04 05:53:56 182160 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-04 04:31:03 -------- d-----w- c:\users\ornmadee\appdata\local\{6897FEBE-46DC-4C28-997F-3FED94B20AFA}
2012-04-04 04:30:50 -------- d-----w- c:\users\ornmadee\appdata\local\{40AF2BC0-C268-4FD8-862B-5425BE293938}
2012-04-04 04:21:01 -------- d-----w- c:\users\ornmadee\appdata\local\Graboid Inc
2012-04-04 03:08:10 -------- d-----w- c:\users\ornmadee\appdata\local\{641D8FCB-181D-4D5E-9B9C-219525433BD8}
2012-04-04 02:45:23 -------- d-----w- c:\users\ornmadee\appdata\local\{6F9681ED-1908-419D-9BFD-571634FD691F}
2012-04-04 02:43:50 -------- d-----w- c:\users\ornmadee\appdata\local\{C58AE691-9723-42C1-ACC6-0769BCD31759}
2012-04-03 19:05:41 -------- d-----w- c:\users\ornmadee\appdata\local\{CF2631C7-F7B5-4833-B7CA-A885F53A46BA}
2012-04-03 19:05:29 -------- d-----w- c:\users\ornmadee\appdata\local\{FD7CDD20-DF3F-4CF4-A242-F293E7CD2575}
2012-04-03 12:43:27 -------- d-----w- c:\users\ornmadee\appdata\local\{43C50041-AA24-43B6-9D3F-A4FDF3DE493E}
2012-04-03 12:43:05 -------- d-----w- c:\users\ornmadee\appdata\local\{516CC0C9-4950-4D99-A8B1-36F11B3B92A8}
2012-04-02 21:02:51 -------- d-----w- c:\users\ornmadee\appdata\local\{CD2BFACC-8B3C-4252-8AF6-504EE06412A7}
2012-04-02 21:02:38 -------- d-----w- c:\users\ornmadee\appdata\local\{453996AA-4095-4006-88D8-FF0D2582C5B2}
2012-04-02 18:31:46 -------- dc----w- c:\program files\iPod
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-04-02 18:09:29 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-04-02 13:07:39 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-02 13:07:39 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-29 04:01:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 17:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:20:12.99 ===============

I tried running the GMER Rootkit Scanner, but i kept getting sent to lightroom

Attached Files

Attach.txt (8.6 KB)

]]> Inactive Malware Help Topics BCHS http://www.techsupportforum.com/forums/f284/win32-small-ca-virus-643511.html Need help, what else? :) Laptop went berserk. http://www.techsupportforum.com/forums/f284/need-help-what-else-laptop-went-berserk-643434.html Wed, 02 May 2012 06:57:09 GMT I did see a question similar to mine posted recently, but our circumstances are so different - I'm not sure I can use your suggestions to him in my case.

Need your help, guys. I'll try to make this brief (ish).

My HP Pavilion laptop was getting very slow and then started doing weird things, like: the sound icon in the launch tray vanished, the laptop would start ringing like crazy, upon starting, some keys suddenly being disabled, or letters of one word I would type, scrolling 100 lines apart. It was a gradual process but it got worse and worse. AVG and Adaware found nothing.

A couple of days ago, I used all utilities I could get my hands on and the computer worked great and fast. Except... the next day got bad again. Downloaded Avast and only on boot scan it found Win32:PUP. It put it in a vault. Everything was working great again.

This morning - laptop is going crazy, doesn't even boot beyond the HP logo, deafening ringing I can't stop, keys don't respond. I was eventually able to boot through F12, I think, but the keys were still not responding. Pushing everywhere, I somehow managed to open Avast, which said that everything was A-OK. I tried to run another boot scan - everything crashed. CTRL ALT DEL did nothing, the screen was just jumping. Anyway - I had to force the shut-of manually and even that didn't work right away. This, or something similar happened in the past and then I would be able to go on again, but today, knowing about Win32:PUP, i didn't want to do anything until I heard from you.

I have since read that Win32:PUP can hide and bring itself back to life, so to speak, when the system is off, but I thought that if it was quarantined it would be blocked.

I found these removal instructions: blog.teesupport.com/permanently-remove-win32pup-gen-manually-delete-win32pup-gen/
but I would need a little bit of hand-holding to do it, especially in the state the laptop is in (I'm a good study), and also I'm not sure whether the suggestion is even kosher.

What do I do now? Help, please.

Question about Avast: in a regular scan, it decides itself on a fix or recommends one. In the boot scan, it just gave me options, such as "heal", "delete", "put in a vault", etc. Frankly, I didn't know what to choose so I picked what I see most often. Should I have picked something else? ]]> Inactive Malware Help Topics Sophia L http://www.techsupportforum.com/forums/f284/need-help-what-else-laptop-went-berserk-643434.html about.blank resets my homepage. XP. http://www.techsupportforum.com/forums/f284/about-blank-resets-my-homepage-xp-643265.html Tue, 01 May 2012 00:29:37 GMT Very frustrating, about.blank rests my internet explorer 8 home page from Google to about. blank !!!!! . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Lime Green at 16:20:46 on 2012-04-30 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1553... Very frustrating, about.blank rests my internet explorer 8 home page from Google to about. blank !!!!!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lime Green at 16:20:46 on 2012-04-30
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1553 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE to GetRight Helper: {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ADS TVR Agent] c:\program files\ads tech\instant tv pvr\Scheduled.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [IMONTRAY] c:\program files\intel\intel(r) active monitor\imontray.exe
mRun: [MilShieldSlave] "c:\program files\mil incorporated\mil shield\ShieldWorker.exe" -logon
StartupFolder: c:\docume~1\limegr~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org1.1.0\program\quickstart.exe
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 148.78.249.200 148.78.249.201
TCP: Interfaces\{67165AC8-AE6B-408D-BA03-6D470844A511} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{807EB632-57A8-4D44-BF8E-CDFE64ECC988} : DhcpNameServer = 148.78.249.200 148.78.249.201
TCP: Interfaces\{BDE832D9-2DC3-4FBC-9D6C-2C67F1DCD81A} : DhcpNameServer = 148.78.249.200 148.78.249.201
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lime green\application data\mozilla\firefox\profiles\b6qaiaxq.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-4-2 1756384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-30 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2010-12-8 686080]
S3 DM1105SBDA;DM1105 TV Device;c:\windows\system32\drivers\DM1105SBDA.sys [2011-7-26 27392]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-2-23 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-2-23 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-30 116648]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2011-11-28 83552]
S3 WlanUIG;EDUP 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [2012-3-15 376224]
.
=============== Created Last 30 ================
.
2012-04-25 04:36:25 10982 ----a-w- c:\windows\system32\HwInfoD.vxd
2012-04-24 03:55:55 -------- d-----w- c:\program files\RegClean Pro
2012-04-24 03:48:21 -------- d-----w- c:\documents and settings\lime green\application data\SpeedyPC Software
2012-04-24 03:48:09 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-04-24 03:08:12 -------- d-----w- c:\documents and settings\lime green\application data\Malwarebytes
2012-04-24 03:05:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-24 02:31:07 -------- d-----w- c:\documents and settings\lime green\application data\DriverCure
2012-04-24 02:31:06 -------- d-----w- c:\documents and settings\lime green\application data\SpeedMaxPc
2012-04-24 02:30:53 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-04-23 17:38:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-23 17:38:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-23 17:35:44 -------- d-----w- c:\documents and settings\lime green\application data\Systweak
2012-04-23 17:35:38 -------- d-----w- c:\documents and settings\lime green\local settings\application data\Mil Incorporated
2012-04-20 18:39:40 -------- d-----w- c:\windows\ShellNew
2012-04-19 00:51:00 -------- d-----w- c:\program files\nLite
2012-04-18 22:11:32 -------- d-----w- c:\program files\ToniArts
2012-04-18 22:11:19 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-04-18 22:11:19 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-04-18 22:11:19 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-04-18 22:11:19 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-04-18 22:11:19 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-04-18 22:11:18 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-04-18 22:11:18 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-04-18 22:01:38 2416 ----a-w- c:\windows\system32\ASOROSet.bin
2012-04-18 21:57:59 17280 ----a-w- c:\windows\system32\roboot.exe
2012-04-18 21:51:13 -------- d-----w- c:\program files\Mil Incorporated
2012-04-16 06:21:39 52736 ----a-w- c:\windows\system32\SPIN32.OCX
2012-04-16 06:21:39 26896 ----a-w- c:\windows\system32\HH.EXE
2012-04-16 06:21:39 204296 ----a-w- c:\windows\system32\Richtx32.ocx
2012-04-16 06:21:39 122880 ----a-w- c:\windows\system32\SensorDLL.dll
2012-04-16 06:21:39 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-04-16 06:21:39 1044480 ----a-w- c:\windows\system32\ROBOEX32.DLL
2012-04-16 06:21:39 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-16 06:21:37 21963 ----a-w- c:\windows\system32\drivers\smb.sys
2012-04-16 06:21:23 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2012-04-16 06:21:22 7424 ----a-w- c:\windows\system32\drivers\SIODRV.SYS
2012-04-16 06:21:21 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-04-13 16:47:44 -------- d-----w- c:\windows\Intuit
2012-04-13 02:16:30 4194304 ----a-w- c:\windows\system32\cdintf400.dll
2012-04-13 01:28:33 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-03 04:08:15 1756384 ----a-r- c:\windows\system32\drivers\athuw.sys
2012-04-03 01:06:50 -------- d--h--r- c:\documents and settings\all users\application data\Atheros
2012-04-03 01:05:17 -------- d-----w- c:\documents and settings\all users\application data\TP-LINK
2012-04-02 23:24:07 -------- d-----w- C:\New Folder
2012-04-02 23:24:07 -------- d-----w- c:\documents and settings\lime green\local settings\application data\Help
.
==================== Find3M ====================
.
2012-04-29 16:51:04 69632 ----a-w- c:\windows\uinst001.exe
2012-04-14 15:34:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 15:34:34 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 16:20:58.95 ===============

Attached Files

	dds.txt (12.0 KB)
	attach.txt (7.3 KB)

]]> Inactive Malware Help Topics zl4gvn http://www.techsupportforum.com/forums/f284/about-blank-resets-my-homepage-xp-643265.html Help with virus http://www.techsupportforum.com/forums/f284/help-with-virus-643120.html Mon, 30 Apr 2012 07:39:29 GMT I am new to these forums and I'm not sure how quickly responses are made, but I will not be able to respond until about noon tomorrow.

I have had some pretty mean viruses is the past. I have had to take 2 computers into a virus removal shop, the others I was able to fix myself. I have never had a virus like this one before. Here are my computers symptoms that I have noticed so far:

Unable to open several programs

Internet explorer opens a blank page at different intervals. Sometimes it happens just once, sometimes it opens one after the other so I can have as many as 70 blank pages open at once.

Searches get redirected

Websites I type into address bar get redirected

Computer is generally slower

Virus is not detected on Malwarebytes anti-malware software

Thanks in advance to any help! ]]> Inactive Malware Help Topics maxst http://www.techsupportforum.com/forums/f284/help-with-virus-643120.html cant access anti virus sites or microsoft http://www.techsupportforum.com/forums/f284/cant-access-anti-virus-sites-or-microsoft-642886.html Sat, 28 Apr 2012 18:41:37 GMT Ive had this problem for a few a days. I've heard of combofix but not sure how to use it so any help would be appreciated.

Heres My Hijackthis log

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:41:10 PM, on 28/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [RxuGimbb] C:\Documents and Settings\Chriz\Local Settings\Application Data\jrdqxmro\rxugimbb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

--
End of file - 7779 bytes

]]> Inactive Malware Help Topics jparish1986 http://www.techsupportforum.com/forums/f284/cant-access-anti-virus-sites-or-microsoft-642886.html XP Laptop began running slowly http://www.techsupportforum.com/forums/f284/xp-laptop-began-running-slowly-642814.html Sat, 28 Apr 2012 07:03:40 GMT So I have a laptop that I use (as a student) daily, which has suddenly started running very slowly. I've been watching resources in task manager, but I can't find anything recognizably suspicious.

My computer specs are as follows:

Dell Vostro 1500 17" Notebook
XP Professional 2002 SP3 32bit
Intel Mobile Core 2 Duo T5270 @ 1.40GHz (temp normal)
2GB Dual Channel DDR2 @ 332MHz (5-5-5-15)
Dell Inc. 0NX907 (Microprocessor, also at normal temp)
Mobile Intel 965 Express Chipset Family
244GB SATA (Western Digital WDC WD2500BEVS-75UST0) (3/4 full)
(More info on request)

Computer health details:
I run Microsoft Security Essentials and Malwarebytes Antivirus
Scanned with both yesterday (Packer.ModifiedUPX found, quarantined)
Defragged yesterday, constantly clear temp files with Piriform CCleaner
I use Revo Uninstaller to remove programs, getting rid of unused registry keys and extra files

I generally use the machine for student purposes, minor coding and minor gaming.

HJT LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:32:02 AM, on 4/26/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [binnmax700setup.exe] C:\Documents and Settings\owner\Application Data\8012BD4C0FDC2CF70580B82573D19E65\binnmax700setup.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\owner\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8204 bytes

I realize this might be an excess of info, but is there anything else I can provide? ]]> Inactive Malware Help Topics Kryzm http://www.techsupportforum.com/forums/f284/xp-laptop-began-running-slowly-642814.html Happili Redirect Virus http://www.techsupportforum.com/forums/f284/happili-redirect-virus-642631.html Fri, 27 Apr 2012 01:47:36 GMT I use Internet Explorer, I have been getting redirected to Happili.com and other websites while researching on Google. I downloaded Avast and Anvisoft Antimalware. Neither can find the virus. Avast does block the redirects. Thank you for any help you can provide. . DDS (Ver_2011-08-26.01)... I use Internet Explorer, I have been getting redirected to Happili.com and other websites while researching on Google. I downloaded Avast and Anvisoft Antimalware. Neither can find the virus. Avast does block the redirects. Thank you for any help you can provide.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DAN at 19:15:18 on 2012-04-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3885.1199 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\DAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Netscape] Rundll32.exe C:\Users\DAN\AppData\Local\Netscape\lpzhystn.dll,OsMuxUnlock
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: ted.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\34F6C41626 : DhcpNameServer = 68.87.68.162 68.87.74.162
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\34F6C61626D2332746 : DhcpNameServer = 68.87.68.162 68.87.74.162
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\4656679616E647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\64275656458656E456470275966696 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\74575637470294E6475627E6564702143636563737E2 : DhcpNameServer = 75.94.255.12 64.13.115.12
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\86162616E65627F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04918C16-C940-4274-94B1-BCF35268FA05}\D4363416274786970275966496 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{901ED026-93D4-4225-A15E-341A2658C3A1} : NameServer = 192.168.50.225
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DAN\AppData\Roaming\Mozilla\Firefox\Profiles\0u1vwv9k.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\DAN\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\DAN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\DAN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 avfsmn;avfsmn;C:\Windows\system32\DRIVERS\avfsmn.sys --> C:\Windows\system32\DRIVERS\avfsmn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-2-3 296232]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-20 44768]
R2 avhips;AntiMalware Host-based Intrusion Prevention System;\??\C:\Windows\system32\DRIVERS\avhips.sys --> C:\Windows\system32\DRIVERS\avhips.sys [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-18 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-12 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-04-26 20:46:07 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA692BAB-1AD3-4D98-A965-362A93B64FB1}\mpengine.dll
2012-04-22 00:06:45 388096 ----a-r- C:\Users\DAN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-22 00:06:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-21 22:03:05 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-21 22:03:05 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-21 22:03:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-21 22:03:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-21 22:03:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-21 22:03:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-21 22:03:04 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-20 17:00:40 24360 ----a-w- C:\Windows\System32\drivers\avhips.sys
2012-04-20 17:00:40 20264 ----a-w- C:\Windows\System32\drivers\avfsmn.sys
2012-04-20 17:00:26 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-04-20 15:48:35 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-20 15:48:30 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-20 15:48:22 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-20 15:47:49 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-20 15:47:38 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-20 15:47:38 -------- d-----w- C:\Program Files\AVAST Software
2012-04-18 15:03:26 -------- d-----w- C:\Users\DAN\AppData\Roaming\Malwarebytes
2012-04-18 15:03:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-18 15:03:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 06:55:04 -------- d-----w- C:\Users\DAN\AppData\Local\Windows Live
2012-04-17 06:54:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-04-17 06:09:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-17 06:09:31 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-13 01:30:06 -------- d-----w- C:\Users\DAN\AppData\Local\Netscape
2012-04-06 05:07:33 -------- d-----w- C:\Users\DAN\AppData\Roaming\Intuit
2012-04-06 05:05:18 -------- d-----w- C:\Users\DAN\AppData\Local\IsolatedStorage
2012-04-06 05:04:50 -------- d-----w- C:\Program Files (x86)\TurboTax
.
==================== Find3M ====================
.
2012-03-06 06:43:21 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 19:16:41.57 ===============

Attached Files

Attach.zip.zip (4.5 KB)

]]> Inactive Malware Help Topics HMABJJ http://www.techsupportforum.com/forums/f284/happili-redirect-virus-642631.html m0rpheu$ Virus...Please help! http://www.techsupportforum.com/forums/f284/m0rpheu-virus-please-help-642332.html Wed, 25 Apr 2012 07:47:50 GMT Hi, Has anyone dealt with a m0rpheu$ virus before? I am struggling to get this off a machine. When i scan with ESET, it find that the virus is called Win32/Clofect.A. I have tried to scan with AVAST, MBAM, Super anti Spyware, Windows Essential. but nothing works. Does anyone know how to... Hi,
Has anyone dealt with a m0rpheu$ virus before? I am struggling to get this off a machine.
When i scan with ESET, it find that the virus is called Win32/Clofect.A.
I have tried to scan with AVAST, MBAM, Super anti Spyware, Windows Essential. but nothing works.
Does anyone know how to resolve this?
Please find more information of this virus on the link below,
http://www.eset.eu/encyclopaedia/win32-clofect-a-vipantispyware?lng=en
Many Thanks,
Gothy. ]]> Inactive Malware Help Topics Gothy http://www.techsupportforum.com/forums/f284/m0rpheu-virus-please-help-642332.html qiwy.exe running at startup http://www.techsupportforum.com/forums/f284/qiwy-exe-running-at-startup-642327.html Wed, 25 Apr 2012 06:39:21 GMT An executable called qiwy.exe runs when the windows startup everytime. I can see the command in the startup tab of msconfig, however, I cannot disable it manually by unchecking the box. I have ran reboot scan with Avast free antivirus and it told me qiwy.exe was a malware and it was being... An executable called qiwy.exe runs when the windows startup everytime. I can see the command in the startup tab of msconfig, however, I cannot disable it manually by unchecking the box.

I have ran reboot scan with Avast free antivirus and it told me qiwy.exe was a malware and it was being removed, but Avast failed to clean it. I have also used malwarebyte and Microsoft Security Essential to scan my computer, they picked up a dozen of other malware, but not qiwy.exe.

Subsequently I purchased Kaspersky Internet Security 2012, but it cannot pick up qiwy.exe.

My internet is at half the speed compared to four months ago when I last recorded it.

I want to find out whether this program is a malware, and if so how can I get rid of it.

The exe is located at:
C:\Users\MY ACCOUNT\AppData\Roaming\Ucun\qiwy.exe

I am running Windows 7 and I have the installation disc.

Thank you very much.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by BRYAN at 15:53:51 on 2012-04-25
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.4091.3073 [GMT 10:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\wmi64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [qiwy.exe] C:\Users\BRYAN\AppData\Roaming\Ucun\qiwy.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C5AEE213-1592-43B2-BA68-E77096D96DBC} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-X64: XunleiBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 87.229.126.55 Bing
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BRYAN\AppData\Roaming\Mozilla\Firefox\Profiles\oq983rjo.default\
FF - prefs.js: browser.search.selectedEngine - Google US
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-7-15 68136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-14 13336]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-7-14 72304]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-7-15 114688]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-29 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-7-15 30528]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-24 08:20:13 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD41572F-4138-410C-ADFA-0F5C5B632EC3}\mpengine.dll
2012-04-19 12:21:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-18 13:10:58 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-18 13:10:58 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-18 09:58:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-18 09:58:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-18 07:40:38 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-04-18 07:40:38 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-04-17 12:03:00 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-17 08:28:19 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-17 08:28:19 -------- d-----w- C:\Program Files\AVAST Software
2012-04-16 11:44:14 -------- d-----w- C:\Users\BRYAN\AppData\Roaming\Malwarebytes
2012-04-11 17:01:52 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 17:01:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 17:01:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 17:00:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 17:00:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 17:00:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 17:00:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 17:00:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 17:00:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 17:00:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 11:35:40 -------- d-----w- C:\Program Files\iTunes
2012-04-10 11:35:40 -------- d-----w- C:\Program Files\iPod
2012-04-04 17:18:45 -------- d-----w- C:\ProgramData\Battle.net
2012-04-04 13:36:12 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-25 05:53:31 25640 ----a-w- C:\Windows\gdrv.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-05 07:23:36 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 00:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 00:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 00:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-14 02:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:54:49.16 ===============

Attached Files

Attach.zip (4.4 KB)

]]> Inactive Malware Help Topics BL23 http://www.techsupportforum.com/forums/f284/qiwy-exe-running-at-startup-642327.html