Tech Support Forum - Virus/Trojan/Spyware Help

Virus/spyware issue involving audio ads

Glok — Wed, 16 May 2012 23:04:48 GMT

Hello all, i am having an issue that i find myself completely at a loss to solve, there are anywhere from 2-4 iexplorer.exe processes open in my task manager at any given time, and there are random audio ads (from any given major company, verison, lysol, ect) and in my advanced options of my volume, the Wave volume randomly gets set to zero, so there is no sound. every once in a while, an internet explorer tab will open with some sort of pop up too. i have already run combofix twice, and that didnt solve anything. i think that is everything about the problem that i can think of. here are the logs that were requested by TSF:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 15:34:07 on 2012-05-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.938 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10x_ActiveX.exe -update activex
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{43DE5F61-27D3-4D2E-B626-5BA9310C3D5A} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\jvqxmv0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-1 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-1 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-1 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-1 44768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-13 2348352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-1 136176]
.
=============== Created Last 30 ================
.
2012-05-16 21:37:08 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-05-16 21:36:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-16 21:36:16 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-05-16 03:44:01 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2012-05-16 03:30:27 -------- d-----w- c:\windows\pss
2012-05-15 21:17:45 -------- d-----w- c:\program files\Diablo III
2012-05-15 21:17:45 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-05-15 21:17:45 -------- d-----w- c:\documents and settings\all users\application data\Blizzard Entertainment
2012-05-15 11:01:15 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-05-15 10:31:33 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-15 10:29:26 -------- d-----w- c:\windows\ie8updates
2012-05-15 10:26:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-05-15 10:25:57 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-15 10:25:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-15 10:25:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-15 10:25:56 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-05-15 10:25:56 11082752 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-05-15 10:25:55 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-15 10:18:23 -------- dc-h--w- c:\windows\ie8
2012-05-15 10:01:35 -------- d-----w- c:\windows\system32\KB905474
2012-05-15 07:38:17 -------- d-----w- c:\program files\common files\Blizzard Entertainment.temp
2012-05-15 07:38:17 -------- d-----w- c:\documents and settings\all users\application data\Blizzard Entertainment.temp
2012-05-15 07:34:43 -------- d-----w- c:\documents and settings\all users\application data\Battle.net
2012-05-14 21:48:48 98816 ----a-w- c:\windows\sed.exe
2012-05-14 21:48:48 518144 ----a-w- c:\windows\SWREG.exe
2012-05-14 21:48:48 256000 ----a-w- c:\windows\PEV.exe
2012-05-14 21:48:48 208896 ----a-w- c:\windows\MBR.exe
2012-05-14 21:14:32 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-14 21:13:49 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-14 21:12:26 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-14 21:10:58 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-14 21:06:50 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-05-14 21:06:07 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-14 21:06:01 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 21:06:01 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 21:05:36 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-05-14 21:05:17 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-13 22:46:03 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-05-13 22:46:03 79872 ------w- c:\windows\system32\msxml6r.dll
2012-05-13 22:46:03 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-05-13 22:46:02 1372672 ------w- c:\windows\system32\msxml6.dll
2012-05-13 22:42:38 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-05-13 22:36:42 19569 ----a-w- c:\windows\003072_.tmp
2012-05-13 22:31:39 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2012-05-13 21:47:19 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-13 21:47:19 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-13 21:46:59 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-13 21:46:32 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-05-13 21:46:23 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-13 21:46:09 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-13 21:43:05 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-13 21:39:47 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-13 21:36:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-13 21:36:28 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-13 21:34:55 -------- d-----w- c:\windows\system32\PreInstall
2012-05-13 21:34:53 -------- d--h--w- c:\windows\$hf_mig$
2012-05-13 21:31:15 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-05-13 21:05:37 -------- d-----w- c:\program files\WB Games
2012-05-13 20:54:17 -------- d-----w- c:\documents and settings\user\application data\Toribash
2012-05-13 20:53:20 -------- d-----w- c:\program files\Toribash-3.99
2012-05-13 20:45:37 -------- d-----w- c:\documents and settings\user\application data\NVIDIA
2012-05-13 20:42:38 -------- d-----w- c:\program files\Speccy
2012-05-13 20:42:22 -------- d-----w- c:\program files\CCleaner
2012-05-13 20:28:13 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-05-13 20:28:08 294912 ----a-w- c:\windows\HideWin.exe
2012-05-13 20:28:07 8 ----a-w- c:\windows\system32\drivers\RtkHDAud.dat
2012-05-13 20:28:05 2113536 ----a-w- c:\windows\MicCal.exe
2012-05-13 20:28:05 14679552 ----a-w- c:\windows\RTHDCPL.EXE
2012-05-13 20:28:04 40960 ----a-w- c:\windows\system32\ChCfg.exe
2012-05-13 20:28:04 262144 ----a-w- c:\windows\system32\RTSndMgr.CPL
2012-05-13 20:28:04 -------- d-----w- c:\windows\system32\RTCOM
2012-05-13 20:27:42 487424 ----a-w- c:\windows\RtlExUpd.dll
2012-05-13 20:27:41 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-05-13 20:27:41 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-05-13 20:27:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-05-13 20:27:41 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-05-13 20:27:41 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-05-13 20:27:41 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-05-13 20:27:39 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-05-13 20:27:38 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-05-13 20:13:41 73728 ----a-w- c:\windows\ALCFDRTM.VER
2012-05-09 21:25:57 -------- d-----w- c:\program files\Diablo II
.
==================== Find3M ====================
.
2012-05-13 22:02:43 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-13 22:02:43 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-13 22:02:37 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30:24 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 15:37:04.18 ===============

Attached Files

ark.zip (12.0 KB)

Need Help: Had viruses and getting redirected

gonequilting — Wed, 16 May 2012 20:36:40 GMT

I wish I had found you first. :uhoh: Hopefully nothing I tried made things worse. I had viruses on my computer (and probably still have something). I have Trend Micro Maximum Security and it didn't stop them. I started noticing problems early this month. I went online, from Safe mode with networking, to try to find solutions. I installed and ran the following: Spyhunter (It found things in it's scan but wanted you to pay for the program to remove them, so I didn't), Avast, Malware Bytes, SuperAnti-spyware, Hitman Pro 3. I have uninstalled them all before posting here, because it said to have only one antivirus installed. I did save the logs from the last 3 (couldn't get a detailed one from Avast). I will copy and paste the text from the logs at the bottom of this post. They may be helpful, especially if traces are still left behind. I am deleting the adware.tracking cookie part from the Super-antispyware portion because it is extremely long. Let me know if you need it later.
Even after the removal that was done by these programs, I am still having issues. Until yesterday, I could not use the computer in normal mode. It would freeze up after a few minutes. I am not sure what changed to allow it to work in normal mode again. I used control panel to delete some unused programs and the above mentioned anti-malware tools. I have my suspicions that part of the freezing problem may have been caused by Spyhunter (the first one I installed). It would try to load on boot up and the splash screen would just hang there. I have been having issues with a redirection virus as well. I quite often get redirected to other websites when clicking on links in a Google or Bing search. Also, Trend Micro keeps telling me my software is out of date and needs to connect to the internet to update. We have DSL, so our internet is always on. I suspect something is keeping it from working correctly.
I hope you can help. :blush: Again, I apologize if anything I already attempted makes things more difficult. I will paste the DDS and other info I mentioned and attach the zipped file asked for as well. I think we have access to a Windows or boot disk, but I have to ask my husband, when he gets home, to make sure.

Thank you, in advance, for your help!:flowers:
Shelly Jones

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mach at 9:40:35 on 2012-05-16
Microsoft� Windows Vista� Home Premium 6.0.6002.2.1252.1.1033.18.2942.1392 [GMT -5:00]
.
AV: Titanium Maximum Security *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Titanium Maximum Security *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\agent.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\WinTV\TVServer\CAPTUR~4.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Mach\AppData\Local\Skillbrains\lightshot\2.5.0.0\LightShot.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiUpdateTray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\WscStatusController.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.iminent.com/?appId=F3DAB35A-AA55-43DE-94C4-46C725424736
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: DivX Plus Web Player HTML5 : {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightShot] c:\users\mach\appdata\local\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Facebook Update] "c:\users\mach\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\mach\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\mach\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B1FF44D1-EBE8-4CB0-80F0-DFB804F34823} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mach\appdata\roaming\mozilla\firefox\profiles\k66c720t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.edoc9.com/cbrown/|hxxps://ccmis.dhs.state.ia.us/ProviderPortal/default.aspx|hxxps://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=hxxps://www.google.com/calendar/render?gsessionid%3DOK&followup=hxxp://www.google.com/calendar
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mach\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\mach\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 objeprip;objeprip;c:\windows\system32\drivers\objeprip.sys [2008-1-20 45568]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-2-12 68368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
R2 Agent;Agent;c:\windows\agent.exe [2012-4-10 155648]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-2-12 200632]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2011-2-27 559104]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2011-2-27 1603712]
R3 hcw85cir;Hauppauge Consumer IR 3;c:\windows\system32\drivers\hcw85cir3.sys [2011-2-27 28672]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2012-2-12 171280]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-2-27 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-2-27 33832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-5-4 26400]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2012-2-12 55056]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-05-15 00:24:00 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-15 00:21:01 -------- d-----w- c:\windows\system32\syncdb
2012-05-04 22:45:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-04 16:28:59 -------- d-----w- c:\users\mach\appdata\roaming\thecleaner
2012-05-04 13:33:34 26400 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-05-04 13:32:12 -------- d-----w- c:\programdata\HitmanPro
2012-05-03 23:42:28 -------- d--h--w- c:\windows\PIF
2012-05-03 22:23:57 -------- d-----w- c:\users\mach\appdata\roaming\Malwarebytes
2012-05-03 22:23:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 00:29:01 -------- d-----w- c:\programdata\AVAST Software
2012-05-03 00:29:01 -------- d-----w- c:\program files\AVAST Software
2012-05-02 20:09:55 -------- d-----w- C:\sh4ldr
2012-05-02 20:09:54 -------- d-----w- c:\program files\Enigma Software Group
2012-05-02 20:03:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-02 20:03:29 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-02 19:54:11 -------- d-----w- c:\users\mach\appdata\local\{92A8B658-9490-11E1-826D-B8AC6F996F26}
2012-05-02 19:53:45 -------- d-----w- c:\users\mach\appdata\roaming\Otduul
2012-05-02 19:53:45 -------- d-----w- c:\users\mach\appdata\roaming\Anty
2012-05-02 19:53:45 -------- d-----w- c:\users\mach\appdata\roaming\Afucig
2012-05-02 19:53:42 -------- d-----w- c:\users\mach\appdata\local\MS
2012-05-01 17:56:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-01 17:46:07 108048 ----a-w- c:\windows\RegBootClean.exe
2012-04-26 22:24:18 -------- d-----w- c:\programdata\F4D562C8000075E10003A9A1570F1C8B
2012-04-26 13:34:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 13:34:00 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-26 13:34:00 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-25 22:24:47 -------- d-----w- c:\users\mach\appdata\roaming\.minecraft
2012-04-18 19:42:29 -------- d-----w- c:\users\mach\appdata\local\{810EAD5C-1C4C-4505-B2D5-484ED4992949}
.
==================== Find3M ====================
.
2012-05-15 01:16:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 01:16:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:41:45.36 ===============

Malware Bytes Quick scan

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.05.03.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Mach :: MACH-PC [administrator]

5/3/2012 5:25:33 PM
mbam-log-2012-05-03 (17-25-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218992
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSOffice (Trojan.Zbot) -> Data: "C:\Users\Mach\AppData\Local\MS\MSOffice.exe" /l -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Detected: 15
C:\Users\Mach\AppData\Local\MS\MSOffice.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#739B.tmp (Trojan.Agent.TRGen) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#75B2.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#763C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#79E5.tmp (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#8E8F.tmp (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#9411.tmp (Trojan.CleaMan.TxGen) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#9E21.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#AAC2.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Local\Temp\~!#BD88.tmp (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\Mach\winlogon.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Users\Mach\uidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.xpt (PUP.PlaySushi) -> Quarantined and deleted successfully.

(end)

Malware Bytes full scan:

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.05.03.08

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Mach :: MACH-PC [administrator]

5/3/2012 6:50:07 PM
mbam-log-2012-05-03 (18-50-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1033017
Time elapsed: 2 hour(s), 9 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Mach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\fb03b9b-3f3f2a34 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Mach\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\421635c7-438f74a5 (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\My Downloads\SmileyCreatorSetup2.3.67.1.SA.HP.EZfox000.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
G:\My Downloads\SoftonicDownloader_for_microsoft-digital-image.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
G:\My Downloads\SoftonicDownloader_for_tux-typing.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
G:\My Downloads\Gene's Backup\CRACK.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
G:\old harddrive\RECYCLER\NPROTECT\09731029.cid (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Super Anti-spyware quick scan:

SUPERAntiSpyware Scan Log

Generated 05/04/2012 at 04:31 PM

Application Version : 5.0.1148

Core Rules Database Version : 8558
Trace Rules Database Version: 6370

Scan type : Quick Scan
Total Scan Time : 00:03:59

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 340
Memory threats detected : 0
Registry items scanned : 27789
Registry threats detected : 0
File items scanned : 7909
File threats detected : 14

Trojan.Agent/Gen-Weirdon
C:\WINDOWS\SYSTEM32\MFC45.DLL

Super Anti-spyware full scan:

SUPERAntiSpyware Scan Log

Generated 05/04/2012 at 09:57 PM

Application Version : 5.0.1148

Core Rules Database Version : 8558
Trace Rules Database Version: 6370

Scan type : Complete Scan
Total Scan Time : 02:11:25

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 340
Memory threats detected : 0
Registry items scanned : 36472
Registry threats detected : 0
File items scanned : 171509
File threats detected : 610

Trojan.Agent/Gen-FSG
G:\MARK'S\KEYGEN.EXE
G:\MY DOWNLOADS\WINZIP\KEYGEN.EXE

Trojan.Agent/Gen-FraudPack
G:\MY DOWNLOADS\FACETHEME_INSTALLER(2).EXE
G:\MY DOWNLOADS\FACETHEME_INSTALLER.EXE

Trojan.Agent/Gen-Farfli
G:\MY DOWNLOADS\MEDIA PLAYER 10\ACELP_NET.EXE

Hitman Pro 3.6.0:
(Had to type up, but have screen shots saved in a word document on my computer as well, if needed)

Malware:
objeprip.dll.2 C:\Windows\system32\
ojeprip.dll.1 C:\Windows\system32\
merudb.exe.2 C:\Windows\system32\
merudb.exe.1 C:\Windows\system32\
fatahai.dll.2 C:\Windows\system32\
~!#A276.tmp C:\Users\Mach\AppData\Local\Temp\
~!#7532.tmp C:\Users\Mach\AppData\Local\Temp\
dscex.dll C:\Users\Mach\AppData\Local\Temp\
BC0C.tmp C:\Users\Mach\AppData\Local\Temp\
BC0B.tmp C:\Users\Mach\AppData\Local\Temp\

Trojan:
~!#A573.tmp C:\Users\Mach\AppData\Local\Temp\
rtfawcal.dll.2 C:\Windows\system32\
rtfawcal.dll.1 C:\Windows\system32\
fatahai.dll.1 C:\Windows\system32\
hifuxe.dll C:\Users\Mach\AppData\Local\Temp\

it said the above were all deleted

Attached Files

Attach.zip (7.2 KB)

new laptop suddenly becoming very slow.

abhi.rai — Wed, 16 May 2012 19:46:42 GMT

mine is a new laptop, i bought it only a few months back. it worked very smoothly initially. but suddenly it has gone very unresponsive. it lags a lot.

it has Intel B940 2nd gen dual core processor, 2gb RAM, win7 32bit OS.

it has gradually been getting slow.. first i thought its because of ram..
but recently its become very laggy. anywhere i click or anything i open, its now taking ages to respond.

i use ESET Smart Security 5, MalwareBytes, Advanced System care 5, and CCleaner too.
The antivirus and antimalware show no issues.
i clean my files and registry everyday with Ccleaner and ASC..

i think the hardware is decent enough.. n i also have so many security softwares... i still dont understand what is causing this sudden lag.

what do u think is the issue here.
can someone please help me out here.

Hardware disk Problem virus????

wadebarret — Wed, 16 May 2012 15:03:26 GMT

I keep getting an error box showing up with a red circle and an x in the middle. It says "Windows has detected a hardisk problem"

I heard this could be a phony and a virus. How can I tell if it's a virus or the real thing? An easy way because I did a chkdsk when I boot the pc and it didnt tell me anything after it booted up about anything so that was no help. Also if it is a hard disk problem is there any way to fix it without replacing it??? thanks

All files locked please help

lorro101 — Wed, 16 May 2012 12:21:23 GMT

Hello

Firstly thank you for this great forum, to everyone who is actively involved - thank you.

Operating system windows 7 64bit

Having spent best part of 2 days tyring to sort this out.

I was hit by the West Yorkshire Police Virus,- Ransomware 2 days ago on 14 May 2012. My monitor kept switching on and off, I then switched it off as it was froze completely

Since then
1. My system restore points have been deleted, so can not go back.
2. Keep getting error messages that say access may be limited although I have Administrator accounts. Can not access My Computer or Cpanel or anything at all on few of my windows user accounts, Some user accounts I can access these files and folders. Although they work fine in Safe mode for the same user account.
3. All my bookmarks and faviroutes have been deleted.
4. Every single file on my computer and harddrives have been locked for example
locked-535437.jpg.bzil.

I have tried the following so far:
1. Ran combo-fix
2. Ran Malwarebytes
3. Ran AVG
4. Ran Kaspersky windows unlocker from disk. The Kaspersky WindowsUnlocker utility to fight ransom malware
5. Ran TDSSKiller.exe
6. Ran SuperAntiSpyware Portable Scanner
7. Ran Prevx
They all detected alot of Malware Viruses and claimed to have deleted and cleaned them, which maybe the case. However no matter what I have tried I can not open any of my files whatsoever. There is a program called matsnu1decrypt.exe which other people have used and worked but it asks for original file which it then decrypts, in my case there are only 1 file of each instance.
I am gutted and feeling so bad since last 2 days as I have all my work files and all important documents, spent hours and hours trying various things but no joy, it is most definitely the worst thing I have ever had the misfortune to experience using the net and computer.
I came across this forum where I see alot of people have been helped by kind members, and would really appreciate if anyone can offer any help whatsoever,
Kind Regards

Computer is riddled...

Rico_Tubbs — Tue, 15 May 2012 17:12:04 GMT

Ran TDSS killer and combo fix to no avail.

Combo fix log:

ComboFix 12-05-15.03 - new 15/05/2012 16:29:22.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.443 [GMT 1:00]
Running from: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\feelx55KX.exe
c:\documents and settings\All Users\Application Data\N03X5M5r.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\feelx55KX.exe
c:\documents and settings\new\Application Data\Gaxela
c:\documents and settings\new\Application Data\Gaxela\ofdyo .exe
c:\documents and settings\new\Application Data\Tiuv
c:\documents and settings\new\Application Data\Tiuv\apnu .exe
c:\documents and settings\new\Application Data\Tiuv\apnu.exe
c:\documents and settings\new\Application Data\Xiso
c:\documents and settings\new\Application Data\Xiso\wyza.tmp
c:\documents and settings\new\Application Data\Yfaz
c:\documents and settings\new\Application Data\Yfaz\niif .exe
c:\documents and settings\new\Start Menu\Programs\Startup\0tpkk6w.exe
c:\documents and settings\new\Start Menu\Programs\Startup\2fvwrhi.exe
c:\documents and settings\new\Start Menu\Programs\Startup\3ccxttp.exe
c:\documents and settings\new\Start Menu\Programs\Startup\3iiduup.exe
c:\documents and settings\new\Start Menu\Programs\Startup\6cc6oo6.exe
c:\documents and settings\new\Start Menu\Programs\Startup\70plgg6.exe
c:\documents and settings\new\Start Menu\Programs\Startup\9i1eaav.exe
c:\documents and settings\new\Start Menu\Programs\Startup\ccxoojaa.exe
c:\documents and settings\new\Start Menu\Programs\Startup\dny3a1qr08.exe
c:\documents and settings\new\Start Menu\Programs\Startup\dttpffbr.exe
c:\documents and settings\new\Start Menu\Programs\Startup\e6qq6cc6.exe
c:\documents and settings\new\Start Menu\Programs\Startup\ezqqlccx.exe
c:\documents and settings\new\Start Menu\Programs\Startup\fa1wssneez.exe
c:\documents and settings\new\Start Menu\Programs\Startup\fk81whid.exe
c:\documents and settings\new\Start Menu\Programs\Startup\i3kkfwwriid.exe
c:\documents and settings\new\Start Menu\Programs\Startup\idezpqlb.exe
c:\documents and settings\new\Start Menu\Programs\Startup\jfvvrhhdtt.exe
c:\documents and settings\new\Start Menu\Programs\Startup\kfwwridd.exe
c:\documents and settings\new\Start Menu\Programs\Startup\kggbssneez.exe
c:\documents and settings\new\Start Menu\Programs\Startup\ll2rhidtupv.exe
c:\documents and settings\new\Start Menu\Programs\Startup\m70njee6q.exe
c:\documents and settings\new\Start Menu\Programs\Startup\mmhyytkkfw.exe
c:\documents and settings\new\Start Menu\Programs\Startup\o9k1gccxoo.exe
c:\documents and settings\new\Start Menu\Programs\Startup\pfl60nij.exe
c:\documents and settings\new\Start Menu\Programs\Startup\plgg6ss6.exe
c:\documents and settings\new\Start Menu\Programs\Startup\q1minjzzvl.exe
c:\documents and settings\new\Start Menu\Programs\Startup\rm1ieezqql.exe
c:\documents and settings\new\Start Menu\Programs\Startup\s1okkfwwri.exe
c:\documents and settings\new\Start Menu\Programs\Startup\tjjfvvrh.exe
c:\documents and settings\new\Start Menu\Programs\Startup\tkkfwwri.exe
c:\documents and settings\new\Start Menu\Programs\Startup\xy70zvqq6c.exe
c:\documents and settings\new\Start Menu\Programs\Startup\zqqlccxooja.exe
c:\documents and settings\Nick\gegnwc.exe
C:\googlemaps.exe
c:\googlemaps.exe\googlemaps.exe
c:\program files\$NtUninstallWTF1012$
c:\program files\$NtUninstallWTF1012$\elUninstall.exe
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\Fonts\feelx55KX.com
c:\windows\system32\CddbCdda.dll
c:\windows\system32\config\systemprofile\feelx55KX.com
c:\windows\System32\Drivers\amydrhvy.sys
c:\windows\System32\Drivers\aohuitfp.sys
c:\windows\system32\Drivers\cdkkfkbb.sys
c:\windows\system32\Drivers\dpggpusg.sys
c:\windows\system32\Drivers\ehxkqdtf.sys
c:\windows\System32\Drivers\hkpwrxho.sys
c:\windows\System32\Drivers\oldmridn.sys
c:\windows\system32\Drivers\rlqeazap.sys
c:\windows\system32\Drivers\tfafckqe.sys
c:\windows\System32\Drivers\ydxbstgc.sys
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET1011.tmp
c:\windows\system32\SET101F.tmp
c:\windows\system32\SET1021.tmp
c:\windows\system32\SET1026.tmp
c:\windows\system32\SET102D.tmp
c:\windows\system32\SET1036.tmp
c:\windows\system32\SET1037.tmp
c:\windows\system32\SET1038.tmp
c:\windows\system32\SET1039.tmp
c:\windows\system32\SET103B.tmp
c:\windows\system32\SETFE6.tmp
c:\windows\system32\SETFE7.tmp
c:\windows\system32\udhtbpbqmbgatqyjl.exe
c:\windows\Tasks\At100.job
D:\autorun.inf
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Service_amydrhvy
-------\Service_aohuitfp
-------\Service_cdkkfkbb
-------\Service_dpggpusg
-------\Service_ehxkqdtf
-------\Service_hkpwrxho
-------\Service_oldmridn
-------\Service_rlqeazap
-------\Service_tfafckqe
-------\Service_ydxbstgc
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 16:15 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2012-05-15 16:15 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2012-05-15 15:04 . 2012-05-15 15:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 20:37 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-08 20:37 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 15:05 . 2004-08-03 22:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

Code:



c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe

c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

c:\program files\Malwarebytes' Anti-Malware\mbam  .exe

c:\program files\QuickTime\qttask                               .exe

c:\program files\QuickTime\qttask                             .exe

c:\program files\QuickTime\qttask                            .exe

c:\program files\QuickTime\qttask                           .exe

c:\program files\QuickTime\qttask                          .exe

c:\program files\QuickTime\qttask                         .exe

c:\program files\QuickTime\qttask                        .exe

c:\program files\QuickTime\qttask                       .exe

c:\program files\QuickTime\qttask                      .exe

c:\program files\QuickTime\qttask                     .exe

c:\program files\QuickTime\qttask                    .exe

c:\program files\QuickTime\qttask                   .exe

c:\program files\QuickTime\qttask                  .exe

c:\program files\QuickTime\qttask                 .exe

c:\program files\QuickTime\qttask                .exe

c:\program files\QuickTime\qttask               .exe

c:\program files\QuickTime\qttask              .exe

c:\program files\QuickTime\qttask             .exe

c:\program files\QuickTime\qttask            .exe

c:\program files\QuickTime\qttask           .exe

c:\program files\QuickTime\qttask          .exe

c:\program files\QuickTime\qttask         .exe

c:\program files\QuickTime\qttask        .exe

c:\program files\QuickTime\qttask       .exe

c:\program files\QuickTime\qttask      .exe

c:\program files\QuickTime\qttask     .exe

c:\program files\QuickTime\qttask    .exe

c:\program files\QuickTime\qttask   .exe

c:\program files\QuickTime\qttask  .exe

c:\program files\QuickTime\qttask .exe

c:\program files\Winamp\winampa .exe

.
((((((((((((((((((((((((((((( SnapShot@2010-04-29_22.27.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-15 16:18 . 2012-05-15 16:18 16384 c:\windows\temp\Perflib_Perfdata_218.dat
+ 2012-05-15 16:18 . 2012-05-15 16:18 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
+ 2006-09-28 18:56 . 2006-09-15 22:30 55296 c:\windows\system32\WudfSvc.dll
+ 2006-09-28 20:13 . 2006-09-15 22:30 87040 c:\windows\system32\WUDFCoinstaller.dll
+ 2010-05-09 22:54 . 2008-04-14 00:12 53760 c:\windows\system32\vfwwdm32.dll
+ 2010-09-27 14:29 . 2009-07-15 09:48 29000 c:\windows\system32\uxtuneup.dll
+ 2007-01-29 08:58 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2008-01-14 02:07 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
- 2008-01-14 02:07 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2005-08-16 04:18 . 2010-03-28 04:13 71732 c:\windows\system32\perfc009.dat
+ 2005-08-16 04:18 . 2012-05-08 20:38 71732 c:\windows\system32\perfc009.dat
- 2007-10-04 11:26 . 2007-02-22 09:15 65536 c:\windows\system32\nmwcdcocls.dll
+ 2010-06-11 11:14 . 2007-02-22 10:15 65536 c:\windows\system32\nmwcdcocls.dll
+ 2007-10-04 11:26 . 2007-02-22 10:15 90624 c:\windows\system32\nmwcdcls.dll
- 2007-10-04 11:26 . 2007-02-22 09:15 90624 c:\windows\system32\nmwcdcls.dll
+ 2010-06-17 13:36 . 2010-06-17 13:36 46592 c:\windows\system32\gmoj.dll
+ 2010-08-28 19:11 . 2010-07-12 11:38 38920 c:\windows\system32\feelx55KX.com
+ 2010-06-11 11:14 . 2007-02-22 10:15 12288 c:\windows\system32\DRVSTORE\nmwcdm2k_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcm.sys
+ 2010-06-11 11:14 . 2007-02-22 10:15 12288 c:\windows\system32\DRVSTORE\nmwcdcj_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcj.sys
+ 2010-06-11 11:14 . 2007-02-22 10:15 65536 c:\windows\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcocls.dll
+ 2010-06-11 11:14 . 2007-02-22 10:15 90624 c:\windows\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdcls.dll
+ 2006-09-28 19:00 . 2006-09-15 21:30 82688 c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 18:55 . 2006-09-15 21:29 76544 c:\windows\system32\drivers\WudfPf.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 19200 c:\windows\system32\drivers\WSTCODEC.SYS
+ 2010-05-09 22:54 . 2008-04-13 18:46 15232 c:\windows\system32\drivers\StreamIP.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 11136 c:\windows\system32\drivers\SLIP.sys
- 2007-10-04 11:26 . 2007-02-22 09:15 12288 c:\windows\system32\drivers\nmwcdcm.sys
+ 2010-06-11 11:14 . 2007-02-22 10:15 12288 c:\windows\system32\drivers\nmwcdcm.sys
+ 2010-06-11 11:14 . 2007-02-22 10:15 12288 c:\windows\system32\drivers\nmwcdcj.sys
- 2007-10-04 11:26 . 2007-02-22 09:15 12288 c:\windows\system32\drivers\nmwcdcj.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 10880 c:\windows\system32\drivers\NdisIP.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 85248 c:\windows\system32\drivers\NABTSFEC.sys
+ 2010-04-29 22:35 . 2009-09-10 13:54 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-04-29 22:35 . 2009-09-10 13:53 19160 c:\windows\system32\drivers\mbam.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 17024 c:\windows\system32\drivers\CCDECODE.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 19200 c:\windows\system32\dllcache\wstcodec.sys
+ 2010-05-09 22:54 . 2008-04-14 00:12 53760 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2010-05-09 22:54 . 2008-04-13 18:46 15232 c:\windows\system32\dllcache\streamip.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 11136 c:\windows\system32\dllcache\slip.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 10880 c:\windows\system32\dllcache\ndisip.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 85248 c:\windows\system32\dllcache\nabtsfec.sys
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
- 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-03 22:59 . 2008-04-13 18:40 36352 c:\windows\system32\dllcache\disk.sys
+ 2010-05-09 22:54 . 2008-04-13 18:46 17024 c:\windows\system32\dllcache\ccdecode.sys
- 2007-01-15 21:41 . 2010-04-29 22:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-01-15 21:41 . 2010-10-07 17:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-12 11:44 . 2010-07-12 11:44 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2007-01-15 21:41 . 2010-10-07 17:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-15 21:41 . 2010-04-29 22:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-24 18:49 . 2010-10-07 17:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-06-16 09:39 . 2010-06-24 18:33 45056 c:\windows\system32\4j8xHmjq.dll
+ 2010-05-09 22:48 . 2010-05-09 22:48 24064 c:\windows\Installer\d9591d0.msi
+ 2010-06-16 17:01 . 2010-06-16 17:01 21504 c:\windows\Installer\61739.msi
+ 2010-06-11 11:15 . 2010-06-11 11:15 15086 c:\windows\Installer\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\ARPPRODUCTICON.exe
+ 2010-06-11 11:14 . 2010-06-11 11:14 10134 c:\windows\Installer\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}\ARPPRODUCTICON.exe
+ 2010-06-11 12:58 . 2006-09-28 18:56 55808 c:\windows\$NtUninstallWudf01005$\wudfsvc.dll
+ 2010-06-11 12:58 . 2006-09-28 19:00 82944 c:\windows\$NtUninstallWudf01005$\wudfrd.sys
+ 2010-06-11 12:58 . 2006-09-28 18:55 77568 c:\windows\$NtUninstallWudf01005$\wudfpf.sys
+ 2010-06-11 12:58 . 2006-09-28 20:13 95344 c:\windows\$NtUninstallWudf01005$\wudfcoinstaller.dll
+ 2010-06-11 12:58 . 2006-09-15 21:30 70656 c:\windows\$NtUninstallWudf01005$\spuninst\WudfCustom.dll
+ 2010-05-26 19:35 . 2010-01-23 08:11 46080 c:\windows\$NtUninstallKB981793$\tzchange.exe
+ 2010-05-26 19:35 . 2010-04-22 22:21 16896 c:\windows\$NtUninstallKB981793$\spuninst\tzchange.dll
+ 2010-05-16 12:56 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978542\update\spcustom.dll
+ 2010-05-16 12:56 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB978542\spmsg.dll
+ 2010-06-11 11:14 . 2007-02-22 10:15 8320 c:\windows\system32\DRVSTORE\nmwcdc_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcdc.sys
+ 2010-06-11 11:14 . 2007-02-22 10:15 8320 c:\windows\system32\drivers\nmwcdc.sys
- 2007-10-04 11:26 . 2007-02-22 09:15 8320 c:\windows\system32\drivers\nmwcdc.sys
+ 2010-05-09 22:55 . 2008-04-13 18:39 5504 c:\windows\system32\drivers\MSTEE.sys
- 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-05-09 22:55 . 2008-04-13 18:39 5504 c:\windows\system32\dllcache\mstee.sys
+ 2010-06-11 11:14 . 2010-06-11 11:14 3262 c:\windows\Installer\{11964613-805F-432D-A12B-169554B793E7}\ARPPRODUCTICON.exe
+ 2009-04-30 22:04 . 2009-04-30 22:04 145944 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2006-09-28 18:56 . 2006-09-15 22:30 308224 c:\windows\system32\WUDFx.dll
+ 2007-06-08 07:11 . 2007-06-08 07:11 831048 c:\windows\system32\WudfUpdate_01005.dll
+ 2006-09-28 18:56 . 2006-09-15 21:29 163840 c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 18:56 . 2006-09-15 22:30 142848 c:\windows\system32\WudfHost.exe
+ 2010-09-27 14:29 . 2010-09-27 14:29 604488 c:\windows\system32\TUProgSt.exe
+ 2010-09-27 14:29 . 2010-09-27 14:29 361288 c:\windows\system32\TuneUpDefragService.exe
+ 2005-08-16 04:18 . 2012-05-08 20:38 442466 c:\windows\system32\perfh009.dat
- 2005-08-16 04:18 . 2010-03-28 04:13 442466 c:\windows\system32\perfh009.dat
- 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
+ 2004-08-04 00:56 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
+ 2009-10-03 03:39 . 2010-05-12 10:21 221568 c:\windows\system32\MpSigStub.exe
+ 2009-04-30 22:02 . 2009-04-30 22:02 539160 c:\windows\system32\LVUI2RC.dll
+ 2009-04-30 22:02 . 2009-04-30 22:02 539160 c:\windows\system32\LVUI2.dll
+ 2009-04-30 21:57 . 2009-04-30 21:57 416280 c:\windows\system32\lvcodec2.dll
+ 2009-04-30 21:57 . 2009-04-30 21:57 199192 c:\windows\system32\lvci1201278.dll
- 2005-08-16 04:40 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2005-08-16 04:40 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
+ 2010-06-11 11:14 . 2007-06-08 07:11 831048 c:\windows\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\WudfUpdate_01005.dll
+ 2010-06-11 11:14 . 2007-06-08 08:30 528384 c:\windows\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\PCCSWpdDriver.dll
+ 2010-06-11 11:14 . 2007-02-22 10:15 137216 c:\windows\system32\DRVSTORE\nmwcd_F3FA2468AF360A65811B287DD7A88CB715CF7275\nmwcd.sys
+ 2007-06-08 08:30 . 2007-06-08 08:30 528384 c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2010-06-11 11:14 . 2007-02-22 10:15 137216 c:\windows\system32\drivers\nmwcd.sys
- 2007-10-04 11:26 . 2007-02-22 09:15 137216 c:\windows\system32\drivers\nmwcd.sys
+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
- 2008-09-05 17:30 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-09-05 17:30 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-09-15 08:40 . 2010-08-04 12:20 178644 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2010-06-11 11:14 . 2010-06-11 11:14 492032 c:\windows\Installer\34a70d.msi
+ 2010-06-11 11:14 . 2010-06-11 11:14 357376 c:\windows\Installer\34a707.msi
+ 2010-06-11 12:58 . 2006-09-28 18:56 316416 c:\windows\$NtUninstallWudf01005$\wudfx.dll
+ 2010-06-11 12:58 . 2006-09-28 18:56 165376 c:\windows\$NtUninstallWudf01005$\wudfplatform.dll
+ 2010-06-11 12:58 . 2006-09-28 18:56 146432 c:\windows\$NtUninstallWudf01005$\wudfhost.exe
+ 2010-06-11 12:58 . 2006-09-16 02:02 379184 c:\windows\$NtUninstallWudf01005$\spuninst\updspapi.dll
+ 2010-06-11 12:58 . 2006-09-16 02:02 221488 c:\windows\$NtUninstallWudf01005$\spuninst\spuninst.exe
+ 2010-05-26 19:35 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB981793$\spuninst\updspapi.dll
+ 2010-05-26 19:35 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB981793$\spuninst\spuninst.exe
+ 2010-05-16 12:56 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\spuninst\updspapi.dll
+ 2010-05-16 12:56 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst\spuninst.exe
+ 2010-05-16 12:56 . 2008-04-11 19:04 691712 c:\windows\$NtUninstallKB978542$\inetcomm.dll
+ 2010-05-16 12:56 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB978542\update\updspapi.dll
+ 2010-05-16 12:56 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB978542\update\update.exe
+ 2010-05-16 12:56 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB978542\spuninst.exe
+ 2010-01-29 14:53 . 2010-01-29 14:53 691712 c:\windows\$hf_mig$\KB978542\SP3QFE\inetcomm.dll
+ 2009-04-30 21:55 . 2009-04-30 21:55 2687512 c:\windows\system32\drivers\LV302V32.SYS
+ 2009-08-12 19:29 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-12 19:29 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-07-20 15:21 . 2009-07-20 15:21 1070592 c:\windows\Installer\77b21.msp
+ 2010-06-11 11:15 . 2010-06-11 11:15 2501120 c:\windows\Installer\34a714.msi
+ 2010-05-16 12:56 . 2009-07-10 13:27 1315328 c:\windows\$NtUninstallKB978542$\msoe.dll
+ 2010-01-29 14:53 . 2010-01-29 14:53 1315328 c:\windows\$hf_mig$\KB978542\SP3QFE\msoe.dll
+ 2007-01-16 10:26 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-09-15 38928]
"googlemaps.exe"="c:\googlemaps.exe\googlemaps.exe" [N/A]
"{2F36BC50-6052-82F3-6C56-08E5A24D79A6}"="c:\documents and settings\new\Application Data\Tiuv\apnu.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-06-07 38916]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"googlemaps.exe"="c:\googlemaps.exe\googlemaps.exe" [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
igac.exe [2010-10-7 184320]
ikkely.exe [2010-9-10 120832]
kaiwyp.exe [2010-9-10 120832]
notyxe.exe [2010-10-7 184320]
syawz.exe [2010-7-31 149504]
umixeh.exe [2010-10-7 184320]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
besozu.exe [2010-10-7 184320]
gywob.exe [2010-10-7 184320]
kewu.exe [2010-9-10 120832]
maufp.exe [2010-10-7 184320]
reocp.exe [2010-7-31 149504]
xywii.exe [2010-9-10 120832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2006-04-27 10:30 53248 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk
backup=c:\windows\pss\SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WA-T1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WA-T1.lnk
backup=c:\windows\pss\WA-T1.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
c:\progra~1\AVG\AVG8\avgtray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-08 08:49 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 14:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-06-12 13:32 700416 ----a-w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 05:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 03:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 14:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2006-07-06 07:15 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-21 16:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 16:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-12-20 17:38 28160 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2008-04-28 11:04 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-01-19 12:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-21 16:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
2006-11-23 01:45 1495123 ----a-w- c:\program files\PPMate\PPMate\ppmate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-06-29 12:11 38916 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-24 10:20 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-10-06 00:14 2075384 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
c:\program files\Winamp\winampa.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
.
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [04/11/2008 16:02 460168]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2010 23:49 135664]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6FD3A736-DA2E-48D6-A174-629278E32478}]
2010-06-17 13:36 46592 ----a-w- c:\windows\system32\gmoj.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
2010-09-19 c:\windows\Tasks\At1393.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1394.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1395.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1396.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1397.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1398.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-20 c:\windows\Tasks\At1399.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1400.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1401.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1402.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1403.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1404.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1405.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1406.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1407.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1408.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-15 c:\windows\Tasks\At1409.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1410.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1411.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1412.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1413.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1414.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1415.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1416.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1465.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-11 c:\windows\Tasks\At1466.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-11 c:\windows\Tasks\At1467.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1468.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1469.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1470.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-20 c:\windows\Tasks\At1471.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1472.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1473.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1474.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-10 c:\windows\Tasks\At1475.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-10-21 c:\windows\Tasks\At1476.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-10-21 c:\windows\Tasks\At1477.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1478.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1479.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1480.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2012-05-15 c:\windows\Tasks\At1481.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1482.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1483.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1484.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1485.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1486.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2012-05-08 c:\windows\Tasks\At1487.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2012-05-08 c:\windows\Tasks\At1488.job
- c:\documents and settings\Nick\Local Settings\Application Data\feelx55KX.exe [2010-08-06 11:38]
.
2010-09-19 c:\windows\Tasks\At1537.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1538.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1539.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1540.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1541.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1542.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-20 c:\windows\Tasks\At1543.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1544.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1545.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1546.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1547.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1548.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1549.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1550.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1551.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1552.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-15 c:\windows\Tasks\At1553.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1554.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1555.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1556.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1557.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1558.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1559.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1560.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1777.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1778.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-11 c:\windows\Tasks\At1779.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1780.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1781.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1782.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-20 c:\windows\Tasks\At1783.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1784.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1785.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1786.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-10 c:\windows\Tasks\At1787.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1788.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-10-21 c:\windows\Tasks\At1789.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1790.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1791.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1792.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-15 c:\windows\Tasks\At1793.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1794.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1795.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1796.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1797.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2010-09-19 c:\windows\Tasks\At1798.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1799.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-08 c:\windows\Tasks\At1800.job
- c:\windows\system32\feelx55KX.com [2010-08-28 11:38]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 22:49]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 22:49]
.
2012-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = Dell Start Page
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{0ADAE46A-CCA6-4469-9E1B-58E825F426E3}: NameServer = 93.188.163.175,93.188.161.178
TCP: Interfaces\{2FE9FFB1-06BC-497D-8B24-C81BDE03E31D}: NameServer = 193.38.113.3,194.117.157.4
TCP: Interfaces\{D8133F5F-C039-41DA-B4A4-10BBB784F029}: NameServer = 93.188.163.175,93.188.161.178
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{34048889-7E1E-4707-A23B-1EEC340DBC16} - (no file)
BHO-{34B78DD3-E27A-4545-8AE0-ECA054292CE0} - (no file)
BHO-{B16AEA61-F2C9-4E1D-80C5-E6C6627F1DC0} - (no file)
SafeBoot-64208300.sys
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe
AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe
AddRemove-udhtbpbqmbgatqyjl - c:\windows\system32\udhtbpbqmbgatqyjl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-15 17:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\System32\TUProgSt.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2012-05-15 17:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 16:26
ComboFix2.txt 2010-05-05 10:51
ComboFix3.txt 2010-04-30 09:58
ComboFix4.txt 2010-04-29 22:33
.
Pre-Run: 2,681,430,016 bytes free
Post-Run: 2,792,255,488 bytes free
.
- - End Of File - - E7EEF45ABBE3A551F898C874D758B70A
> <

Many thanks

Infected with malware, need help please.

Heezea — Tue, 15 May 2012 12:23:35 GMT

Hello,

My computer has become infected with malware. I first started noticing problems when software I had installed stopped working or lost functionality.

A few specific examples: my Deltek Vision stopped working entirely until I updated Windows. Once I updated Windows, my sametime stopped working. Adobe Acrobat also started hanging very regularly. When I tried to update Acrobat, it kept repeatedly trying to install the version that it already was at (10.0.3). When I tried installing Symantec, the software wouldn't install.

I attempted to follow the instructions "Read this before posting for malware..."

I don't think the DDS.SCR file worked correctly; I only got one output file that opened in notepad. I saved the output file as .txt and have included it here. I didn't run the gmer file because I have a 64-bit system.

Any assistance would be greatly appreciated.

Thanks.

Attached Files

DDS.txt (593.0 KB)

I think I have a virus, but I don't know what do, PLEASE HELP ME!!!

zeiriza — Tue, 15 May 2012 05:43:58 GMT

I think my computer have a virus or something because either running slow or it will get so that it will freeze and even then, you will have to (a) click the restart program (like with the window not responding and you click several times and then it'll turn white and offer some choices) or (b) have to shut down the computer itself. At first, I though it was dirty (and it was, until we got it clean), then I figure it must be getting old (I had it since Feb of 2007); that can't be right because I worked on computers that are older than five years old and they worked fine.

I figure it must have some virus that Microsoft Security Essential keep missing !!!!:angry: Everytime I scan it, it keep say the computer is clean (well it might pick up a warning of a trojan horse or cookie every now and then)!? So I went to several places on the net to help me solve my problems, but they keep saying download this or download that; I don't trust them that well now. Hell, I took a risk downloading Spybot, Combofix and Exterminate It!. I scan my computer yesterday with all three (in order as above) and they all gave me three different reports. (1) Which report do you think I should use/trust. I click on the findings and see they have a registry; i'll admit, I have deleted some of the registry that was on those reports, if I can't delete them (2) what to do next?

Also the day before yesterday, I went to a computer store and told them my problem (also I forgot to mention, that couple of days ago, everytime I click on any link on Google or Yahoo, I always get redirected to some other site or advertisment; then (for now) it all of a sudden stopped do so) and they're saying bring in my computer to them; I don't have the money, so I have do it myself (3) can I do this myself? Told me that while I was shopping for a anti-spyware program to help with this problem, and they saying I have to get rid of the viruses before installing the program onto the computer (4) is that true? and if so (5) whats the point in getting a anti-spyware program if it can't do half of what it's suppose to do (I got the double anti-spy: professional). Please help me, I am at a lost and I not the only one who uses this computer.
I did however, follow you all's instructions and (I can't download the zip file because the thing keep saying my file zip was too big) attached my logs onto this post. Also, for the hell of it, I went on and installed the Double Anti-Spyware (it caught a few bugs, but I know theirs more).

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 13:01:37 on 2012-05-13
Microsoft� Windows Vista� Home Premium 6.0.6002.2.1252.1.1033.18.894.324 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = 127.0.0.1:9421;;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:60606;https=127.0.0.1:60606;ftp=127.0.0.1:60606
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5D823438-EE38-4103-BA14-93D27E2DB8FF} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-4-9 247760]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-30 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-8 1153368]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-7-30 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-13 06:15:48 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68694ec0-29d5-4a4a-925c-3f026c554a1c}\mpengine.dll
2012-05-12 07:46:16 -------- d-----w- c:\windows\0B8E4CEEC297444DBB659B3355448055.TMP
2012-05-12 07:42:56 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-05-12 06:49:17 -------- d--h--w- C:\_Backup
2012-05-12 06:36:41 -------- d-----w- c:\users\owner\appdata\roaming\Avanquest
2012-05-12 06:36:40 -------- d-----w- c:\programdata\Avanquest
2012-05-12 06:35:03 -------- d-----w- c:\program files\common files\AntiVirus
2012-05-12 06:34:30 -------- d-----w- c:\program files\Avanquest
2012-05-11 17:11:27 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-10 05:20:32 -------- d-s---w- C:\ComboFix
2012-05-10 05:06:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-10 05:06:14 -------- d-----w- c:\users\owner\appdata\local\temp
2012-05-10 04:30:18 98816 ----a-w- c:\windows\sed.exe
2012-05-10 04:30:18 518144 ----a-w- c:\windows\SWREG.exe
2012-05-10 04:30:18 256000 ----a-w- c:\windows\PEV.exe
2012-05-10 04:30:18 208896 ----a-w- c:\windows\MBR.exe
2012-05-09 21:00:08 -------- d-----w- c:\users\owner\appdata\local\{3A949FF3-D114-45AC-9E23-51985522C37B}
2012-05-09 20:59:23 -------- d-----w- c:\users\owner\appdata\local\{17517426-4AE3-4A14-830F-322942B4C7BC}
2012-05-09 01:26:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-08 20:45:00 -------- d-----w- c:\users\owner\appdata\local\{2CDDCFE5-A53C-4016-A189-3BA4FE06D9C5}
2012-05-08 20:44:16 -------- d-----w- c:\users\owner\appdata\local\{83B630C3-D638-4653-ACF2-90A1A7CFCDBB}
2012-05-04 04:01:04 -------- d-----w- c:\users\owner\appdata\local\{C6FF4E6D-1472-4B91-838A-2AF96D2905E8}
2012-05-03 16:00:15 -------- d-----w- c:\users\owner\appdata\local\{53A249FD-300F-4207-B505-DD2942F3251D}
2012-05-03 15:59:52 -------- d-----w- c:\users\owner\appdata\local\{4BE4829E-01DF-4D00-850F-91F0907D7D10}
2012-05-03 00:34:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-28 18:18:33 -------- d-----w- c:\program files\iPod
2012-04-28 18:18:04 -------- d-----w- c:\program files\iTunes
2012-04-28 18:06:50 -------- d-----w- c:\program files\Bonjour
2012-04-27 21:57:11 -------- d-----w- c:\users\owner\appdata\local\{85993794-9E44-4F17-8B37-8A39E25DDBA4}
2012-04-27 21:56:27 -------- d-----w- c:\users\owner\appdata\local\{0B8E12D0-3FC2-4D5A-96F6-2ECB42D8F37C}
2012-04-24 21:35:42 -------- d-----w- c:\users\owner\appdata\roaming\OpenCandy
2012-04-23 05:26:30 -------- d-----w- c:\users\owner\appdata\local\{96ED67A2-BB6A-418A-A314-73CB95E9AC59}
2012-04-23 05:26:16 -------- d-----w- c:\users\owner\appdata\local\{8673EE16-1CC8-4641-A690-1BECA0CD9596}
2012-04-22 17:25:11 -------- d-----w- c:\users\owner\appdata\local\{63F037E6-4B1A-4AD4-8268-64B564C454F7}
2012-04-22 17:24:35 -------- d-----w- c:\users\owner\appdata\local\{669DE8BC-CDCF-4055-962F-88E89798EBAE}
2012-04-22 04:07:10 -------- d-----w- c:\users\owner\appdata\local\{4FB1660A-EBDE-4B3E-86E8-F29E3D763268}
2012-04-22 04:06:56 -------- d-----w- c:\users\owner\appdata\local\{E7C6EA47-BD88-4B50-83A5-B6A3CB6A075A}
2012-04-21 16:05:55 -------- d-----w- c:\users\owner\appdata\local\{29D54E08-6F90-4D28-B167-A38D87F49CC8}
2012-04-21 16:05:26 -------- d-----w- c:\users\owner\appdata\local\{74757560-1962-4FC7-8A22-6362382EDB59}
2012-04-20 19:09:40 -------- d-----w- c:\users\owner\appdata\local\{81BE0FF4-954E-44B2-9D44-94E5985AB3B0}
2012-04-20 19:09:12 -------- d-----w- c:\users\owner\appdata\local\{C0C68DB9-006E-42B2-9183-DCF078C53E2E}
2012-04-20 03:56:43 -------- d-----w- c:\users\owner\appdata\local\{86ABDFD1-E043-4438-AAC1-BF641525196E}
2012-04-20 03:56:33 -------- d-----w- c:\users\owner\appdata\local\{82196558-78F8-419D-B784-319046CFCDAD}
2012-04-19 15:55:25 -------- d-----w- c:\users\owner\appdata\local\{DB152C5E-4330-4655-889B-AC7F00E144B6}
2012-04-19 15:54:52 -------- d-----w- c:\users\owner\appdata\local\{881BF529-9572-4D6E-86FB-DDA4B03DC9A3}
2012-04-18 19:41:39 -------- d-----w- c:\users\owner\appdata\local\{256593D3-4227-49F2-B24F-941A4015173E}
2012-04-18 19:40:53 -------- d-----w- c:\users\owner\appdata\local\{A5D2D6FD-F18C-4EAD-93EB-28AC1F1ED346}
2012-04-18 06:53:47 -------- d-----w- c:\users\owner\appdata\local\{6F7F0E0B-36AE-42F6-A9D8-C4609C85F43E}
2012-04-18 06:53:33 -------- d-----w- c:\users\owner\appdata\local\{9E33F76E-5CFA-4654-B64D-DDDF44199D6A}
2012-04-18 04:49:58 -------- d-----w- C:\found.004
2012-04-17 18:52:22 -------- d-----w- c:\users\owner\appdata\local\{9FE5B8C8-A067-497E-B678-3E664281902A}
2012-04-17 18:51:46 -------- d-----w- c:\users\owner\appdata\local\{F228A592-4889-4809-A85F-A0C37038CFB2}
2012-04-17 05:27:40 -------- d-----w- c:\users\owner\appdata\local\{D410360A-3D11-4A33-A358-BFB16EF73D2C}
2012-04-17 05:27:27 -------- d-----w- c:\users\owner\appdata\local\{8B7CC170-BC23-4E31-8FCC-36E2134EB203}
2012-04-16 17:26:25 -------- d-----w- c:\users\owner\appdata\local\{948E0870-2FBA-4382-90FA-813C271F7ABF}
2012-04-16 17:26:03 -------- d-----w- c:\users\owner\appdata\local\{0B925D1F-FED8-4F4B-BEDE-F415EEEDDA0A}
2012-04-15 18:50:20 -------- d-----w- c:\users\owner\appdata\local\{5592E284-B102-4101-A1BE-E76C6572D193}
2012-04-15 18:50:00 -------- d-----w- c:\users\owner\appdata\local\{62C38B46-FBEF-4A7F-A7CE-BE7EF4BB8C8C}
2012-04-15 01:36:18 -------- d-----w- c:\users\owner\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-04-15 01:34:28 -------- d-----w- c:\users\owner\appdata\roaming\PDAppFlex
2012-04-14 19:37:26 -------- d-----w- c:\users\owner\appdata\local\{DA1FBA2A-FEB4-4353-B16D-385E25160725}
2012-04-14 19:37:01 -------- d-----w- c:\users\owner\appdata\local\{771F9B6E-4B8D-4859-A4BB-0515B2CF397A}
2012-04-13 21:37:20 -------- d-----w- c:\users\owner\appdata\local\{2ACC4124-C962-4CA5-BB9E-14B447FB9871}
2012-04-13 21:36:41 -------- d-----w- c:\users\owner\appdata\local\{3A78D7AE-A302-412C-A480-20CBF3FE5021}
.
==================== Find3M ====================
.
2012-05-06 18:06:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 01:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-08 23:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-08 23:32:24 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 13:06:53.11 ===============

Attached Files

	ark.txt (521 Bytes)
	Attach.txt (12.2 KB)
	DDS.txt (18.3 KB)

Can my e-mail be infected? Internet problems

Nekrasova — Mon, 14 May 2012 18:14:41 GMT

From some time I've been having Internet problems - sometimes it works just fine, on other times it disconnects very often (usually when I type in a website address and hit "enter").

Around that time, someone I've been writing with, using account A on gmail, lost their internet access.

I didn't link those two instances, at all, until some time later I've exchanged a few e-mails with a different person, using account B on gmail, and then they stopped answering... And it looks like they lost their internet access, too.

WHAT IS THIS? If that's a coincidence, then it'd have to be a very strange one... Do you think it is possible I have infected them both?

But, generally, I mostly want to know one thing.
You see, two weeks from now, I'm moving out and won't be using this computer anymore, so I'm not really sure there's a point in fixing this - I just won't write to anyone anymore from this machine. But I wonder, is it possible that the "thing" sits in my e-mail accounts? I don't want to transfer it to my new PC/Laptop/Whatever. (Both of the accounts are on gmail... )

Thank you very much for your help!
I'm a complete computer idiot, I'm sorry. I've got the free AVG, and it didn't show anything.

Need Help - Keylogger!?

Mettalknight — Mon, 14 May 2012 15:51:17 GMT

Alright so I was talking to one of my online friends when he linked me to this website, I had known him for a while so withought thinking I foolishly clicked it. Java started running and it froze my comp for ~1sec I quickly closed the website but I think it was too late. I deleted my cache & cookies & other internet files. But now he is accessing my email and my gaming accounts. Im not really sure what to do, I assume this is a keylogger but im not even sure of that. Please Help!

Unable to remove re-direct virus from PC

andrena2012 — Mon, 14 May 2012 13:48:45 GMT

Hi

I'm having problems with a re-direct virus on one of my PCs. Whilst searching, results re-direct to other websites and have left trojans/malware on the machine. Despite trying to remove it with MBAM and ESET Nod antivirus the problem persists, and although they detect and appear to get rid of the infections the problems keeps re-occurring. I have logs from NOD and MBAM showing trojans that have been detected and cleaned if useful.

Hoping someone can help to get this fixed.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Research1 at 13:59:14 on 2012-05-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.587 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Lexmark\ErrorApp\LMab1err.exe
C:\WINDOWS\system32\Pelmiced.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [FinePrint Dispatcher v5] "c:\windows\system32\spool\drivers\w32x86\3\fpdisp5a.exe" /source=HKLM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{03337E07-E3B8-497E-A1C9-84B3E5ED76CC} : NameServer = 194.72.9.34,194.72.9.38
TCP: Interfaces\{1FB37009-77BD-43C3-9B1D-351DCD489571} : DhcpNameServer = 192.168.0.240
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
LSA: Notification Packages = scecli pwdmon
Hosts: 93.113.196.146 Google
Hosts: 93.113.196.147 Bing
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-9 47640]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 KLSIENET;Driver for USB Ethernet Adapter;c:\windows\system32\drivers\usb101et.sys [2009-1-23 32384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-19 09:35:52 -------- d-----w- c:\documents and settings\research1\local settings\application data\{0A756EFE-8A03-11E1-826D-B8AC6F996F26}
2012-04-19 09:35:18 -------- d-----w- c:\program files\common files\MS
2012-04-19 09:34:57 -------- d-----w- c:\documents and settings\research1\local settings\application data\ESET
.
==================== Find3M ====================
.
2012-04-16 11:26:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 11:26:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:45:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 08:45:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2001-05-10 09:04:28 162304 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 13:59:31.06 ===============

Attached Files

attach.zip (4.9 KB)

Ried - PC 2

LindsayH — Mon, 14 May 2012 06:33:23 GMT

Hi Ried
Long time no speak !! :)

I have ran the scans on my PC and have included them below.

Here is the DDS scan log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_24
Run by Owner at 16:11:28 on 2012-05-14
Microsoft� Windows Vista� Home Premium 6.0.6000.0.1252.61.1033.18.3318.2002 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com.au/
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\EasyRedirect.dll
Trusted Zone: adecco.com\ak3.xpert
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{70857C33-B9B7-4CB3-AB6B-A15A2F09B9B0} : DhcpNameServer = 10.0.0.138
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\h8tkfuf3.default\
FF - prefs.js: browser.startup.homepage - Yahoo!7
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 EasyRedirect;EasyRedirect;c:\program files\easy-hide-ip\rdr\EasyRedirect.exe [2012-5-9 3325768]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2010-1-23 206336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
.
=============== Created Last 30 ================
.
2012-05-13 01:17:16 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c4887253-78ba-475d-b977-544b6fc8f26b}\mpengine.dll
2012-05-11 07:16:19 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-10 22:30:02 -------- d-----w- C:\dcd9d0e36d6b491386ace0ddce
2012-05-10 08:44:14 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-10 08:20:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-10 08:20:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 02:56:36 -------- d-----w- c:\users\owner\appdata\roaming\AnvSoft
2012-05-10 02:55:57 -------- d-----w- c:\program files\AnvSoft
2012-05-10 02:29:51 341264 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-05-09 03:48:35 360264 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-05-09 03:48:31 -------- d-----w- c:\program files\Easy-Hide-IP
2012-05-08 09:51:14 -------- d-----w- c:\program files\CCleaner
2012-05-08 09:49:05 -------- d-----w- c:\users\owner\appdata\local\Google
2012-05-08 07:12:53 -------- d-----w- c:\users\owner\appdata\local\Deployment
2012-05-08 07:12:40 -------- d-----w- c:\users\owner\appdata\local\Apps
2012-05-08 05:14:32 -------- d-----w- c:\program files\RSS Submit
2012-05-08 01:03:12 16824 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
.
==================== Find3M ====================
.
2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 16:12:01.51 ===============

Here is the Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft� Windows Vista� Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/01/2010 11:35:56 AM
System Uptime: 14/05/2012 4:03:44 PM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7529
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | CPU 1 | 2136/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 900.051 GiB free.
D: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP100: 12/05/2012 9:33:39 AM - Windows Update
RP101: 13/05/2012 11:16:40 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
AIO_Scan
Any Video Converter 3.3.7
BufferChm
C8100
C8100_doccd
C8100_Help
CCleaner
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Easy-Hide-IP 4.1.4.1
eSupportQFolder
Fax
FileZilla Client 3.3.2.1
Google Chrome
Google Update Helper
GoToMeeting 4.5.0.457
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
KompoZer 0.8b3
MarketResearch
MassArticleCreator
MassArticleSubmitter
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PanoStandAlone
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Realtek High Definition Audio Driver
RoxioShim
RSS Submit v3.15
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SEO SpyGlass
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Web CEO 8.1
WebReg
.
==== Event Viewer Messages From Past Week ========
.
9/05/2012 7:27:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/05/2012 7:27:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1330.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/05/2012 7:27:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1330.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/05/2012 7:27:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials Client Update Package - KB2691905.
8/05/2012 12:19:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:58 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
8/05/2012 11:03:57 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.158.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/05/2012 11:19:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1726.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
13/05/2012 11:19:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1726.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
13/05/2012 11:19:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1726.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
13/05/2012 11:19:51 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1726.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
13/05/2012 11:19:48 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80070002 Error description: The system cannot find the file specified.
13/05/2012 11:19:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
12/05/2012 9:29:22 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
12/05/2012 9:29:07 AM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
12/05/2012 6:51:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/05/2012 6:51:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/05/2012 3:40:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
12/05/2012 3:40:13 PM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/05/2012 9:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1605.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 9:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1605.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 9:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1605.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 9:48:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1605.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 9:48:40 AM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Owner-PC\Owner Error Code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 9:48:40 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 8:51:50 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy56.
11/05/2012 8:39:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/05/2012 8:39:43 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
11/05/2012 8:38:42 AM, Error: EventLog [6008] - The previous system shutdown at 8:36:14 AM on 11/05/2012 was unexpected.
11/05/2012 5:18:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 5:18:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 5:18:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 5:18:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1635.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 5:18:40 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Owner-PC\Owner Error Code: 0x80070002 Error description: The system cannot find the file specified.
11/05/2012 5:18:40 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Owner-PC\Owner Current Engine Version: Previous Engine Version: Error code: 0x80070002 Error description: The system cannot find the file specified.
10/05/2012 8:50:32 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

And last but not least here is the GMER scan log:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-05-14 16:26:32
Windows 6.0.6000
Running: i0ciufez.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgrcapow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] ntdll.dll!LdrLoadDll 7729EB00 5 Bytes JMP 6BF0C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] kernel32.dll!MapViewOfFile 76E2737E 5 Bytes JMP 6C13E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] kernel32.dll!VirtualAlloc 76E49BCA 5 Bytes JMP 6C13E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] GDI32.dll!CreateDIBSection 76D17EF4 5 Bytes JMP 6C13E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] WS2_32.dll!GetAddrInfoW 76034672 5 Bytes JMP 1002E390 C:\Windows\system32\EasyRedirect.dll (EasyRedirect.dll/EasyTech)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] WS2_32.dll!FreeAddrInfoW 760349D0 5 Bytes JMP 1002E330 C:\Windows\system32\EasyRedirect.dll (EasyRedirect.dll/EasyTech)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] WS2_32.dll!getaddrinfo 76034C58 5 Bytes JMP 1002E8E0 C:\Windows\system32\EasyRedirect.dll (EasyRedirect.dll/EasyTech)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3760] WS2_32.dll!gethostbyname 7603DB26 5 Bytes JMP 1002EE90 C:\Windows\system32\EasyRedirect.dll (EasyRedirect.dll/EasyTech)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!SetWindowLongA 76D6B211 5 Bytes JMP 6C295EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!GetWindowInfo 76D700DB 5 Bytes JMP 6C084822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!SetWindowLongW 76D8244A 5 Bytes JMP 6C295E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4560] USER32.dll!TrackPopupMenu 76D8CFF8 5 Bytes JMP 6C084DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

I hope they are all ok and Ill wait to hear back from you for my next instructions.

Cheers
Dory

Google Redirect Help...please

SingleKid — Sun, 13 May 2012 20:22:27 GMT

Hi all,

When I use Google Search on any browser it redirects to Happlli or ads. At times it goes to the correct page, but that is only after clicking on the link multiple times. I think this is a common problem. I'd greatly appreciate any help, thank you!

Malware transforms folders into .exe files (USB drive)

Mr. Stark — Sun, 13 May 2012 13:57:22 GMT

Good morning/afternoon/evening.

After plugging my flash drive (a Kingston DT101 32GB) onto a colleague's computer, when I got home and plugged it onto my laptop (Windows 7, Home Premium SP1 64-bit) the folders started turning into .exe files. I deleted 3 of them, thinking it was a bug of some sort, but when all folders turned into files (it was progressive), I suspected there was a malware at action.

After looking at some threads talking about the matter (most from 2 years ago), I downloaded Panda USB Vaccine, Flash Disinfector and Combofix. After using Panda with no errors, I started Flash Disinfector but it didn't work (later I discovered it only works on Windows XP). I started combofix but when it talked about 'attempting to create a windows recovery (thingy)' I quickly shut it down.

No folders, at least that I know of, turned into .exe files on the laptop, so I assume it hasn't been infected. How can I recover the files in my flash drive, without Flash Disinfector? Can those folders whose .exe files I deleted be recovered? There are important files to me in them.

Thank you for your attention.

TR/Crypt.XPACK.Gen5

geneticmaterial — Sun, 13 May 2012 12:57:28 GMT

Hi,
Packard Bell iMedia d2521UK
windows 7 - with no setup discs.
320gb HDD split over C: and D:
OS on C:
Music on D:

I have bought a PC from a friend and restored it to factory settings with the on-board restore program which wiped C: and I quick formatted D:

Trying to add all the updates etc and when attempting to get '(KB976932) Windows service pack1 for x64 - based systems' Avira pops up saying it has found the TR/Crypt.XPACK.Gen5

It only seems to appear when attempting the install of the service pack.

Any help is greatly appreciated!

the GMER could only be run with services, registry, files and ADS ticked. ALL the other checkboxes were greyed out.

Dan

DDS;

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by Dan at 13:23:56 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1791.981 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173605129906p0365v185y49i1075s
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173605129906p0365v185y49i1075s
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173605129906p0365v185y49i1075s
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=imedia_s3720&r=173605129906p0365v185y49i1075s
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2751CF84-423D-47F6-BCD8-16201F36B390} : DhcpNameServer = 172.30.139.17 172.31.139.17
TCP: Interfaces\{8F9C7D8F-846E-46D6-BCCD-8A8613DD3189} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-12 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-12 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-12 654408]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-10-28 44312]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-28 240160]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 135664]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-12 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-11 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-13 11:44:54 -------- d-----w- C:\Windows\System32\SPReview
2012-05-13 11:33:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-13 11:33:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-13 11:33:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-13 11:33:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-13 11:33:41 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-13 11:33:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-13 11:33:40 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-12 23:00:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4892002E-88CE-4A45-BA33-EEA7EA981314}\offreg.dll
2012-05-12 22:09:23 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
2012-05-12 22:08:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-12 22:08:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-12 22:08:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 20:44:41 -------- d-----w- C:\Users\Dan\AppData\Local\Apps
2012-05-12 20:30:46 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-05-12 19:40:11 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-05-12 19:38:52 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-12 19:38:44 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-12 19:38:44 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-12 17:03:34 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-12 14:12:44 -------- d-----w- C:\Users\Dan\AppData\Roaming\Avira
2012-05-12 13:16:42 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4892002E-88CE-4A45-BA33-EEA7EA981314}\mpengine.dll
2012-05-12 13:16:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-12 13:16:27 -------- d-----w- C:\Program Files\Sharepod
2012-05-12 13:01:19 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-12 13:01:19 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-05-12 13:01:17 -------- d-----w- C:\ProgramData\Avira
2012-05-12 13:01:17 -------- d-----w- C:\Program Files (x86)\Avira
2012-05-12 12:58:11 -------- d-----w- C:\Users\Dan\AppData\Local\Apple Computer
2012-05-12 12:57:47 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-12 12:57:47 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-12 12:57:47 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-12 12:57:26 -------- d-----w- C:\Program Files\iPod
2012-05-12 12:57:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-12 12:57:23 -------- d-----w- C:\Program Files\iTunes
2012-05-12 12:56:22 -------- d-----w- C:\Users\Dan\AppData\Local\Apple
2012-05-12 12:55:40 -------- d-----w- C:\Program Files\Bonjour
2012-05-12 12:55:40 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-12 10:22:30 -------- d-----w- C:\Program Files\CCleaner
2012-05-12 10:22:15 -------- d-----w- C:\Program Files\Speccy
2012-05-12 10:21:59 -------- d-----w- C:\Program Files\Defraggler
2012-05-12 09:53:24 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-05-12 09:53:24 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-05-12 09:48:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 09:47:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-05-12 09:47:12 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-05-12 09:47:12 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-12 09:47:12 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-05-12 09:47:12 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-05-12 09:47:12 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-05-12 09:47:12 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-05-12 09:47:12 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-12 09:47:12 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-05-12 09:47:12 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-05-12 09:46:59 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-05-12 09:45:10 -------- d-----w- C:\Users\Dan\AppData\Local\Microsoft Help
2012-05-12 09:38:19 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 09:38:19 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 09:38:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 09:38:19 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 09:38:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 09:38:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 09:38:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 06:11:23 -------- d-----w- C:\Windows\NAPP_Dism_Log
2012-05-12 02:45:38 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-12 02:45:38 -------- d-----w- C:\Windows\System32\Wat
2012-05-12 00:52:34 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-05-12 00:52:34 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-05-12 00:48:08 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-05-12 00:47:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-05-12 00:41:29 -------- d-----w- C:\Users\Dan\Tracing
2012-05-12 00:26:00 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-05-12 00:26:00 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-05-12 00:22:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 00:22:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 00:09:39 -------- d-----w- C:\Users\Dan\AppData\Local\Diagnostics
2012-05-11 23:52:58 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-11 23:51:54 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-05-11 23:50:58 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-11 23:40:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-11 23:40:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-11 22:31:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-11 22:31:28 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-11 22:31:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-11 22:31:28 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-05-11 22:31:28 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-05-11 22:31:26 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-11 22:31:26 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-11 22:31:26 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-11 22:31:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-11 22:22:54 -------- d-----w- C:\Users\Dan\AppData\Local\Google
2012-05-11 22:21:10 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe
2012-05-11 22:19:55 -------- d-----w- C:\Users\Dan\AppData\Roaming\Packard Bell
2012-05-11 22:03:03 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-11 21:40:50 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-05-11 21:40:50 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-05-11 21:40:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-11 21:39:42 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-05-11 21:39:26 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-05-11 21:38:39 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6d8e14601cd2fbe\DSETUP.dll
2012-05-11 21:38:39 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6d8e14601cd2fbe\DXSETUP.exe
2012-05-11 21:38:39 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6d8e14601cd2fbe\dsetup32.dll
2012-05-11 21:38:17 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA7A4.tmp
2012-05-11 21:38:03 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-05-11 21:37:08 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-05-11 21:36:50 55024 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-05-11 21:36:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-05-11 21:36:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-11 21:31:30 -------- d-----w- C:\Users\Dan\AppData\Local\Packard Bell
2012-05-11 21:30:56 -------- d-----w- C:\Users\Dan\AppData\Local\VirtualStore
2012-05-11 21:29:06 -------- d-----w- C:\Program Files\PB Accessory Store
.
==================== Find3M ====================
.
2012-05-11 21:23:47 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 13:24:59.59 ===============

Attached Files

	ark.zip (112 Bytes)
	Attach.zip (4.3 KB)