Safer-Networking Forums - Archives

Removal of IDP.Trojan.1C8D1A13 and Trojan horse crypt.AQLW

hns2700 — Tue, 08 May 2012 20:36:34 GMT

Hi

I have an optiplex 990 infected with both IDP.Trojan.1C8D1A13 and Trojan horse crypt.AQLW. Smart Fortress 2012 was initially found yesterday (5/7/12) and Malwarebytes appears to have removed that. AVG detected the two threats mentioned above but cannot do anything about them.

Can you please help with the steps for removal of these two infections? I am open to doing a step by step restore if that's a possibility. Layman terms please.

Thanks for help!
Heather

Browser Redirect Problems

deplanche — Sat, 05 May 2012 01:02:09 GMT

I am trying to help out my sister-in-law with a problem she is having with her laptop. In Internet Explorer, she is getting redirected to websites she does not want to be going to. I have run a scan of the computer, but it is not coming up with any viruses, and can use some help. Below is the DDS report.

Thank you!

Jon

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Amy at 20:53:06 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2245 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\windows\system32\igfxext.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://verizon.my.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride =
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Adobe] rundll32.exe "C:\Users\Amy\AppData\Local\Apps\Adobe\mtshn.dll",DllRegisterServer
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
StartupFolder: C:\Users\Amy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{9E92147B-E3BE-4B72-ACF2-646E3077C79B} : DhcpNameServer = 192.168.1.1 68.237.161.12
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 DMAgent;Intel� PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-12-29 404992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-29 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-15 2477304]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-6 2320920]
R2 WiMAXAppSrv;Intel� PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-12-29 911360]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-6 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-05 00:33:33 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0F31EFB-147E-45E6-AA5E-62595071B770}\mpengine.dll
2012-04-29 04:44:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-29 04:44:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-29 02:38:56 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-29 01:52:59 16294328 ----a-w- C:\Users\Amy\Windows-KB890830-x64-V4.7.exe
2012-04-12 05:54:27 5504880 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 05:54:26 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 05:54:25 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 05:53:56 22896 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 05:53:55 80896 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 05:53:55 158720 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 05:53:54 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 05:53:54 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 05:53:54 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 05:53:54 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-02-28 06:35:54 1197568 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
.
============= FINISH: 20:53:51.89 ===============

Attached Files

Attach.zip (2.0 KB)

Win32.Agent.adb won't disappear

Mar_Rib — Fri, 04 May 2012 08:09:21 GMT

Hi,
My spybot has detected a trojan called win32.agent.adb. Even though spybot corrected it, the trojan appeared again after I did the second scan.
I think this trojan might be the one responsible for this ---� ��~~ and ^^ (duplication of accent marks)... :s

Could you please help me with this issue?

Thank you for your time and help! =)

Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by User at 9:00:04 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.2070.18.8096.5598 [GMT 1:00]
.
AV: G Data InternetSecurity 2011 *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ASUS.SYS\SIONExportService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF} : DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\079647164616 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\4586F6D637F6E6244423446383 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\56465727F616D6 : DhcpNameServer = 193.137.16.65 193.137.16.145 193.137.16.75
TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\C464D265F646 : DhcpNameServer = 192.168.25.2
TCP: Interfaces\{94A59F7C-B91E-44A0-8A1B-28CABCA82446} : DhcpNameServer = 192.168.25.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{0124123D-61B4-456f-AF86-78C53A0790C5}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{0124123D-61B4-456f-AF86-78C53A0790C5}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
mRun-x64: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMPPALR3;Intel� Centrino� Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-7-8 88704]
R2 AVKProxy;Proxy do G Data AntiV�rus;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-8-10 1072200]
R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2010-8-10 410696]
R2 AVKWCtl;G Data Sentinela do sistema de ficheiros;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2010-3-15 1778336]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-12 1997416]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-3 1153368]
R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-10 338208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-27 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-12 2655768]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2010-4-16 1666096]
R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-4-22 339016]
R3 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servi�o Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Servi�o Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Servi�o de Tecnologias de Activa��o do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-05-03 17:25:48 -------- d-----w- C:\Program Files\CCleaner
2012-05-03 17:25:31 -------- d-----w- C:\Users\User\AppData\Local\Google
2012-05-03 13:26:33 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-05-03 13:26:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-05-03 13:26:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-03 13:26:28 22104 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-03 13:26:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 13:06:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-03 13:06:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-03 11:30:05 -------- d-----w- C:\Users\User\AppData\Local\G DATA
2012-05-02 20:55:03 -------- d-----w- C:\Users\User\AppData\Local\Windows Live
2012-05-02 20:54:45 -------- d-----w- C:\Users\User\AppData\Local\{FCE76A81-D966-4E2A-BEDE-21970D98B724}
2012-05-02 08:06:30 16200 ----a-w- C:\Windows\stinger.sys
2012-05-02 08:06:13 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-01 21:00:29 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDF11637-ED57-44F5-957B-F99F04341B73}\mpengine.dll
2012-05-01 11:39:11 -------- d-----w- C:\Users\User\AppData\Roaming\dclogs
2012-05-01 11:39:06 1097728 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
2012-05-01 11:06:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-01 10:59:59 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2012-04-26 16:47:33 -------- d-----w- C:\Program Files (x86)\Satillana MIM
2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{F16823D5-E2C4-40BF-9C2B-A907C2D6BA7E}
2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{6773AA2D-EFE5-4BF6-8179-0E4A5190A62B}
2012-04-23 14:02:02 -------- d-----w- C:\Users\User\AppData\Local\Diagnostics
2012-04-18 18:01:57 -------- d-----w- C:\Program Files\WinPcap
2012-04-18 18:01:50 3623592 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
2012-04-18 18:01:50 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
2012-04-17 19:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2012-04-17 19:48:35 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2012-04-17 19:48:35 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2012-04-17 19:41:02 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-17 19:40:59 -------- d-----w- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2012-04-17 19:40:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-04-17 19:40:16 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-04-17 18:10:34 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-04-17 18:10:34 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-04-17 18:10:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-04-17 18:10:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-04-17 18:10:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-04-17 18:10:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-04-17 18:10:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-04-17 18:06:22 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-04-17 18:06:22 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-04-17 17:23:33 -------- d-----w- C:\ProgramData\ASUS
2012-04-17 17:18:56 -------- d-----w- C:\Users\User\AppData\Local\{375F6513-C406-4855-BBF5-AE473559B0EB}
2012-04-17 17:16:48 -------- d-----w- C:\Users\User\AppData\Roaming\MAGIX
2012-04-17 15:32:09 -------- d-----w- C:\Users\User\AppData\Local\Cyberlink
2012-04-17 14:27:10 -------- d-----w- C:\Users\User\AppData\Roaming\Princess Isabella
2012-04-17 10:27:25 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-17 10:27:25 -------- d-----w- C:\Windows\System32\Wat
2012-04-17 10:17:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-17 10:11:24 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-17 10:11:24 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-17 10:11:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-17 10:08:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-17 10:08:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-17 10:08:17 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-17 10:08:17 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-17 10:08:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-17 10:08:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-17 10:08:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-17 09:31:59 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-16 20:46:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-16 20:45:34 -------- d-----w- C:\Users\User\AppData\Roaming\uTorrent
2012-04-16 20:43:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-16 20:43:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-16 20:43:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-16 20:43:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-16 20:43:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-16 20:43:53 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-16 20:43:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-16 16:42:48 -------- d-----w- C:\Users\User\AppData\Roaming\FLEXnet
2012-04-16 16:42:46 -------- d-----w- C:\Users\User\AppData\Roaming\Nuance
2012-04-16 16:42:44 -------- d-----w- C:\Users\User\AppData\Roaming\Zeon
2012-04-16 13:00:38 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-16 12:54:38 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2012-04-16 12:38:00 40392 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
2012-04-16 12:37:59 57288 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
2012-04-16 12:37:56 49096 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
2012-04-16 12:37:44 84936 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
2012-04-16 12:37:43 48584 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
2012-04-16 12:37:35 -------- d-----w- C:\ProgramData\G Data
2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\G Data
2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
2012-04-16 12:36:04 -------- d-----w- C:\Users\User\AppData\Local\Downloaded Installations
2012-04-16 12:00:32 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-04-16 10:01:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 10:01:29 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-16 09:54:47 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-16 09:54:30 -------- d-----w- C:\Users\User\AppData\Local\Microsoft Help
2012-04-16 09:49:03 -------- d-----w- C:\Program Files (x86)\AVG
2012-04-16 09:45:23 -------- d--h--w- C:\ProgramData\Common Files
2012-04-16 09:44:57 -------- d-----w- C:\ProgramData\MFAData
2012-04-16 01:36:27 -------- d-----w- C:\Users\User\AppData\Roaming\ASUS WebStorage
2012-04-16 01:34:00 -------- d-----w- C:\Users\User\AppData\Local\Power2Go
2012-04-16 01:32:13 -------- d-sh--we C:\Programme
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Vorlagen
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Startmen�
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Favoriten
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Dokumente
2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Anwendungsdaten
2012-04-16 01:32:13 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
2012-04-16 01:32:13 -------- d-sh--we C:\Dokumente und Einstellungen
2012-04-12 20:59:51 -------- d--h--w- C:\ASUS.DAT
2012-04-12 20:59:51 -------- d-----w- C:\ProgramData\FolderView
2012-04-12 20:05:03 -------- d-----w- C:\eSupport
2012-04-12 19:38:24 -------- d-----w- C:\Windows\System32\AsMakeLink
2012-04-12 19:38:23 80512 ----a-w- C:\Windows\AsusScr_N5_En Uninstaller.exe
2012-04-12 19:38:19 3058304 ----a-w- C:\Windows\AsScrPro.exe
2012-04-12 19:38:19 287176399 ------w- C:\Windows\System32\AsusScr_N5_En.scr
2012-04-12 19:37:56 -------- d-----w- C:\ProgramData\USBChargerPlus
2012-04-12 19:37:54 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-12 19:36:22 16768 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2012-04-12 19:35:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-12 19:35:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-12 19:35:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-04-12 19:31:04 -------- d-----w- C:\ProgramData\ASUS Music Maker
2012-04-12 19:31:04 -------- d-----w- C:\Program Files (x86)\ASUS Music Maker
2012-04-12 19:30:59 -------- d-----w- C:\ProgramData\MAGIX
2012-04-12 19:30:58 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-04-12 19:30:27 -------- d--h--w- C:\dvmexp
2012-04-12 19:30:06 -------- d--h--w- C:\ASUS.SYS
2012-04-12 19:30:00 -------- d--h--w- C:\temp
2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-04-12 19:24:11 -------- d-----w- C:\ProgramData\Roaming
2012-04-12 19:23:33 -------- d-----w- C:\Program Files (x86)\Cisco
2012-04-12 19:23:25 -------- d-----w- C:\Program Files\Synaptics
2012-04-12 19:21:47 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-04-12 19:21:43 -------- d-----w- C:\ProgramData\AmUStor
2012-04-12 19:21:43 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2012-04-12 19:21:08 -------- d-----w- C:\ProgramData\SonicFocus
2012-04-12 19:21:06 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-04-12 19:21:06 -------- d-----w- C:\Program Files\Realtek
2012-04-12 19:19:28 -------- d-----w- C:\Windows\SysWow64\NV
2012-04-12 19:19:28 -------- d-----w- C:\Windows\System32\NV
2012-04-12 19:15:40 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-12 19:15:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-04-12 19:14:27 8192 ----a-w- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2012-04-12 19:14:27 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-04-12 19:14:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-04-12 19:11:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-04-12 19:11:43 -------- d-----w- C:\Intel
2012-04-12 19:10:21 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 17:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 17:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 17:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 17:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 17:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 17:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 17:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 17:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 17:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 17:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 17:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 17:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 17:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 17:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 17:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 17:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 16:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 16:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 16:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 16:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 16:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 16:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 16:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 16:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 16:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 16:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 16:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 16:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 16:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 16:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 16:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 16:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 9:01:06,15 ===============

I've also attached the zip'ed attach report from DDS.

Thank you for your time and help! =)

Attached Files

Attach report.zip (2.8 KB)

Win32.Agent.adb won't disappear

Mar_Rib — Thu, 03 May 2012 17:01:17 GMT

I think I have a virus...plz help me!

tracibaby — Tue, 01 May 2012 07:51:55 GMT

I've been getting blue screen errors and then I found this...>> Requested to remove devices controlled by the "FBIKB_NT" service.
And then I found this...checksurlauncher,in a file password protected called....a030646fd05494d38d...I dn't knw if this is a virus or wot but the blue screen errors are happening mre often..any1 knw how 2 help me plz???

safesurf.exe keeps appearing and disappearing

insaniclol — Mon, 30 Apr 2012 03:45:52 GMT

Hi. Recently, this trojan came to annoy me during my gaming time. I tried to remove it by using the task manager but it keeps coming back after a few minutes. Right now, that thing keeps crashing and wants me to manually "close" it. A sort a popup message. It stills come back afterward. Anyway here's the DDS log.

DDS log
----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Alex at 23:34:46 on 2012-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1568 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\chrome\chrome.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "c:\users\alex\appdata\local\akamai\netsession_win.exe"
uRun: [PlayNC Launcher]
uRun: [Facebook Update] "c:\users\alex\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeBridge]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Chrome] c:\chrome\chrome.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alex\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E312710C-FAD5-4D94-ACA4-370BCEF2D1A6} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-4-14 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-4-14 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-4-14 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-24 357968]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-24 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-28 242240]
R1 MpKsl394e62c9;MpKsl394e62c9;c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys [2012-4-29 29904]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-4-14 233976]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-24 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-24 40384]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-3-2 47640]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-3 2984832]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-9-24 101392]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]
RUnknown DiagnosticScan;DiagnosticScan; [x]
RUnknown Start1Driver;Start1Driver; [x]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\pc tools security\bdt\bdtupdateservice.exe" --> c:\program files\pc tools security\bdt\BDTUpdateService.exe [?]
S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 apf003;apf003;c:\windows\system32\apf003.sys [2012-3-17 13232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsauxs.exe --> c:\program files\pc tools security\pctsAuxs.exe [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctssvc.exe --> c:\program files\pc tools security\pctsSvc.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-24 52224]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-2-3 658528]
SUnknown MpKsl74aa916b;MpKsl74aa916b; [x]
.
=============== Created Last 30 ================
.
2012-04-29 09:14:08 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\offreg.dll
2012-04-29 09:14:08 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\MpKsl394e62c9.sys
2012-04-29 09:12:36 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{090aacaa-c495-4dff-8a6a-4c76dd8ba2f9}\mpengine.dll
2012-04-29 04:46:20 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-29 03:31:56 -------- d-----w- C:\ijji
2012-04-29 03:30:08 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2012-04-29 03:30:08 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2012-04-29 03:30:08 -------- d-----w- C:\Temp
2012-04-29 02:51:47 -------- d-----w- c:\users\alex\appdata\local\{1876F58D-4CCC-4B24-8FEE-A854085116A3}
2012-04-29 02:51:32 -------- d-----w- c:\users\alex\appdata\local\{85F537F4-3138-459D-86FF-61220A961B99}
2012-04-28 06:58:45 -------- d-----w- c:\users\alex\appdata\local\{CD5C8CC6-D91B-4020-806A-286F997BD638}
2012-04-28 06:58:24 -------- d-----w- c:\users\alex\appdata\local\{8147E985-2753-4023-A700-056F1335553C}
2012-04-28 03:15:58 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{84b91b85-077d-4d3d-ab5c-c3720f52b8e9}\gapaengine.dll
2012-04-28 03:12:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-28 03:02:18 -------- d-----w- c:\users\alex\appdata\local\{A83B8262-8D04-4DEC-9E59-A28529E5F870}
2012-04-28 03:01:41 -------- d-----w- c:\users\alex\appdata\local\{113BC27C-5E11-4D67-A076-983F2CD203C5}
2012-04-28 02:55:06 -------- d-----w- C:\AMD
2012-04-27 23:50:34 -------- d-----w- c:\users\alex\appdata\local\{0D201DC6-F0D2-4D73-9A69-B269A0B24EA4}
2012-04-27 23:49:02 537432 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DXSETUP.exe
2012-04-27 23:49:01 89944 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\DSETUP.dll
2012-04-27 23:49:01 1801048 ----a-w- c:\program files\common files\windows live\.cache\5217452c1cd24d001\dsetup32.dll
2012-04-27 23:47:29 -------- d-----w- c:\users\alex\appdata\local\{DA1944F4-CE67-4BEB-9925-9B3FF82C82C0}
2012-04-27 23:47:09 -------- d-----w- c:\users\alex\appdata\local\{F2D0BC2F-F70B-4AF3-AB70-1934D16A0580}
2012-04-26 02:53:38 -------- d-----w- c:\program files\REACTOR
2012-04-24 20:43:56 -------- d-----w- C:\koramgame
2012-04-24 20:43:00 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-04-24 20:43:00 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2012-04-24 20:42:59 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2012-04-24 20:42:59 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2012-04-24 20:42:59 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2012-04-24 20:42:58 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2012-04-24 20:42:57 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2012-04-24 20:42:55 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2012-04-20 17:01:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 07:22:58 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2012-04-20 07:21:35 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:45:11 -------- d-----w- c:\program files\SplitMediaLabs
2012-04-15 03:39:22 767952 ----a-w- c:\windows\BDTSupport.dll
2012-04-15 03:39:21 2074576 ----a-w- c:\windows\PCTBDCore.dll
2012-04-15 03:39:21 1533904 ----a-w- c:\windows\PCTBDRes.dll
2012-04-15 03:39:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-04-15 03:36:01 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-04-15 03:36:01 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-04-15 03:36:01 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-04-15 03:36:01 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-04-15 03:35:57 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-04-15 03:35:57 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-04-15 03:35:56 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-15 03:35:55 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-04-15 03:35:44 -------- d-----w- c:\programdata\PC Tools
2012-04-15 03:35:44 -------- d-----w- c:\program files\common files\PC Tools
2012-04-10 06:49:10 -------- d-----w- c:\users\alex\appdata\local\{7E301E07-9DAC-4636-B60C-E69B38DEA3B4}
2012-04-10 06:48:48 -------- d-----w- c:\users\alex\appdata\local\{E8A3579D-C501-497C-9A68-208482B7B595}
2012-04-10 03:48:50 -------- d-----w- c:\users\alex\appdata\local\{B19DF15C-7B59-474D-B23C-174911AC7315}
2012-04-10 03:47:04 -------- d-----w- c:\users\alex\appdata\local\Smartbar
2012-04-10 03:44:32 -------- d-----w- c:\users\alex\appdata\local\{3E6ABEC2-B6A0-40B6-BE58-73DAFA5044C6}
2012-04-10 03:44:19 -------- d-----w- c:\users\alex\appdata\local\{429AB84A-D459-4931-8471-431022A34645}
2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-04-09 08:09:07 40960 ----a-r- c:\users\alex\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2012-04-09 08:08:41 -------- d-----w- c:\program files\Project64 1.6
2012-04-07 23:23:29 -------- d-----w- c:\users\alex\appdata\local\SplitMediaLabs
2012-04-07 01:52:24 -------- d-----w- c:\programdata\WEBZEN
2012-04-06 21:11:23 -------- d-----w- c:\users\alex\appdata\local\{95330642-5F64-4A0A-8CF8-9DBD0FF001A3}
2012-04-02 18:56:42 -------- d-----w- c:\users\alex\appdata\local\{D65D35CB-A627-4C14-B145-5AC44AE2039C}
2012-04-02 18:56:20 -------- d-----w- c:\users\alex\appdata\local\{65CEB3C0-B140-45C0-BA78-F83095C9241E}
2012-04-02 06:56:44 -------- d-----w- c:\users\alex\appdata\local\{53D2A0FA-1E0A-46AA-971D-12ECF8CDCCFB}
2012-04-02 06:56:22 -------- d-----w- c:\users\alex\appdata\local\{DEEF0F14-157E-45A1-9F33-A4B27F453C7E}
2012-04-01 18:56:43 -------- d-----w- c:\users\alex\appdata\local\{A94C6CA0-76BE-48D1-B934-A5AD5EB942AB}
2012-04-01 18:56:21 -------- d-----w- c:\users\alex\appdata\local\{AC7BF34D-303F-463B-A1B2-AF03210ECF90}
2012-04-01 06:56:45 -------- d-----w- c:\users\alex\appdata\local\{0A3CDA1E-FA16-42F5-B4AF-BB97DE583727}
2012-04-01 06:56:20 -------- d-----w- c:\users\alex\appdata\local\{520D16A1-B92C-44E6-ABEA-BCC450659534}
.
==================== Find3M ====================
.
2012-04-14 07:07:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 07:07:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 02:09:43 658528 ----a-w- c:\windows\system32\xsherlock.xem
2012-04-04 00:47:02 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-03-28 18:14:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-21 00:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 23:02:41 16304 ------w- c:\windows\system32\apl003.sys
2012-03-17 23:02:41 13232 ------w- c:\windows\system32\apf003.sys
2012-02-29 19:21:24 42392 ----a-w- c:\windows\system32\xfcodec.dll
2012-02-02 22:50:43 5265 ----a-w- c:\windows\system32\nppt9x.vxd
2012-02-02 22:50:43 4774 ----a-w- c:\windows\system32\npptNT2.sys
2012-02-01 02:30:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-01 02:30:26 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-01 02:30:18 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-01 02:30:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:35:56.29 ===============

Attached Files

Attach.txt (8.6 KB)

safesurf.exe keeps coming back & crashing.

insaniclol — Sun, 29 Apr 2012 22:03:04 GMT

So recently, I've had this trojan on my computer. I did some research about it being located in the windows, program files, system32 folders and can't seem to find the program. While gaming, my game keeps getting "alt-tabbed" and that safesurf.exe popup appears saying that it got "crashed".

Infected - Smart Fortress 2012

Halton — Sun, 29 Apr 2012 16:15:49 GMT

.

Hello......please help with possible multiple infection.

I was browsing through some Google results when Avast started firing multiple warnings (bad urls / files)

I shut down the computer and restarted.....at which point Smart Fortress 2012 was installed and started scanning.

It also disabled my internet (WIND Mobile)

I restarted in safe mode......couldn't update Malwarebytes but scanned anyways.....found this:

Files Detected: 1 ...... C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\temp\ms0cfg32.exe (Exploit.Drop.CFG)

Then ran Avast scan......see attached screen capture.

It appears that Spybot may have been removed but not sure....Safe Mode prevents me from seeing full screen.

Not sure how to procede with required scans.

Everything will need to be done via an 8GB SD card jump drive as I am now posting from another computer.

Please help as I am dead in the water with this one.......Best Regards

.

Attached Images

Scan Result.jpg (27.4 KB)

smitfraud-c.generic infection removal help

vikkid_x2 — Sat, 28 Apr 2012 00:07:54 GMT

I seem to have the smitfraud-c.generic trojan on my PC and cant seem to get rid of it using SpybotS&D,MalewareBytes, Norton;so I need your help.
A little backround on the troubelshooting I did on my end- The issue started yesterday when I was having trouble logging into windows-screen freeze on the credentials step(and very slow post login). After mucking around with the hw(ram); I was able to start windows and ran Spybot S&D. This is when I realized that I had the smitfraud. I proceeded to try and remove it Spybot; but it seemed to return on a restart. When spybot dint do the trick,I downloaded & tried Malware Bytes; and finally I tried this tool called Norton Power Eraser - Neither did the job.

I need your inputs on getting this resolved. Please help!!

One observation - the PC occasionally is superfast(almost like for a few hours block); then it becomes super slow(again for a few hours continiously). Why is that? Why isnt it consitantly slow?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Vik at 20:05:00 on 2012-04-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2550 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hauppauge\MediaCenterService\HcwMceSvc.exe
C:\Program Files (x86)\IR Server Suite\IR Server.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe
C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\M.Play Home Center\MHC.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\IR Server Suite\IR Server Tray.exe
C:\Users\Vik\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Vik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\WinTV\Ir.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
E:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
C:\Program Files (x86)\SnugTV\SnugTV Station\QuickStart.exe
E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
E:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
E:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [IR Server Tray] "C:\Program Files (x86)\IR Server Suite\IR Server Tray.exe"
uRun: [Google Update] "C:\Users\Vik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [IR Server]
uRun: [Octoshape Streaming Services] "C:\Users\Vik\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [12Voip] "E:\Program Files (x86)\12Voip.com\12Voip\12Voip.exe" -nosplash -minimized
uRun: [AnyDVD] E:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
mRun: [TrueImageMonitor.exe] E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UpdateLBPShortCut] "E:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [RemoteControl9] "E:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "E:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [LGODDFU] "E:\Program Files (x86)\lg_toolkit\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "E:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Vik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - E:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Vik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - E:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Vik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZvRemote.lnk - C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\WinTV\Ir.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERQU~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - E:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNUGTV~1.LNK - C:\Windows\Installer\{F6C368A7-0DD5-4DA1-BDE1-4369AFA45B4E}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - E:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{CB682261-DFD6-4B36-8A59-B075D9EAAFC7} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [TrueImageMonitor.exe] E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UpdateLBPShortCut] "E:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [RemoteControl9] "E:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "E:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [LGODDFU] "E:\Program Files (x86)\lg_toolkit\fwupdate.exe" blrun
mRun-x64: [UpdatePSTShortCut] "E:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "E:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\system32\DRIVERS\tdrpm251.sys --> C:\Windows\system32\DRIVERS\tdrpm251.sys [?]
R1 ArcSec;archlp;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120416.001\IDSviA64.sys [2012-4-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-9-16 39528]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-11 2326920]
R2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2011-12-30 348160]
R2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-12-30 397312]
R2 AVerUpdateServer;AVerUpdateServer;C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2010-3-9 169984]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-11 136176]
R2 HcwMceSvc;Hauppauge Media Center Service;C:\Program Files (x86)\Hauppauge\MediaCenterService\HcwMceSvc.exe [2011-9-17 113192]
R2 IRServer;IR Server;C:\Program Files (x86)\IR Server Suite\IR Server.exe [2009-12-18 356352]
R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-27 654408]
R2 SnugTV Service;SnugTV Service;C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2010-4-12 526336]
R2 TunerFreeMCEService;TunerFreeMCEService;C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [2011-10-27 14336]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
R3 hcw49swt;Hauppauge HD PVR Tuner Device;C:\Windows\system32\drivers\hcw49swt.sys --> C:\Windows\system32\drivers\hcw49swt.sys [?]
R3 hcwD1capture;Hauppauge Colossus Capture Service;C:\Windows\system32\DRIVERS\hcwD1cap.sys --> C:\Windows\system32\DRIVERS\hcwD1cap.sys [?]
R3 hcwD1encoder;Hauppauge Colossus Encoder Service;C:\Windows\system32\DRIVERS\hcwD1xcd.sys --> C:\Windows\system32\DRIVERS\hcwD1xcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
S2 CLKMSVC10_173EB256;CyberLink Product - 2011/12/03 20:30:17;E:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 N360;Norton Security Suite;"E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll" /prefetch:1 --> E:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-11 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-27 253088]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-11 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-27 23:31:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-27 22:19:53 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-27 22:19:52 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-27 22:19:52 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-27 22:17:06 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-27 19:31:23 -------- d-----w- C:\Users\Vik\AppData\Roaming\Malwarebytes
2012-04-27 19:31:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-27 19:15:02 -------- d-----w- C:\Users\Vik\AppData\Local\NPE
2012-04-14 01:08:47 -------- d-----w- C:\Users\Vik\AppData\Local\{5987E7C4-5813-46E1-B9AE-F4B9D046FD0C}
2012-04-13 13:08:06 -------- d-----w- C:\Users\Vik\AppData\Local\{4784D39C-0335-4A6B-A64F-6B9059C77D35}
2012-04-13 13:07:56 -------- d-----w- C:\Users\Vik\AppData\Local\{A55FD31E-B714-431E-85AE-DE4A86D35D3D}
2012-04-13 13:03:05 -------- d-----w- C:\Windows\en
2012-04-13 12:58:43 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-04-13 12:55:33 -------- d-----w- C:\Users\Vik\AppData\Local\Windows Live
2012-04-13 12:55:31 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-04-13 12:46:02 -------- d-----w- C:\Users\Vik\AppData\Local\AVer MediaCenter
2012-04-12 07:00:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:59 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:00:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 04:27:18 -------- d-----w- C:\Users\Vik\AppData\Roaming\Tific
2012-04-10 04:27:14 -------- d-----w- C:\Users\Vik\AppData\Local\Symantec
.
==================== Find3M ====================
.
2012-04-27 22:17:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:05:20.18 ===============

Please find the attach.zip file from the dds tool attached.

Attached Files

Attach.zip (5.1 KB)

smitfraud-c.generic infection removal help

vikkid_x2 — Fri, 27 Apr 2012 23:45:10 GMT

Infected?

stevew — Thu, 26 Apr 2012 03:11:16 GMT

Hello,

I have just resurrected my pc after about 4 months in hibernation. The first thing I did was bring all anti-virus, OS and malware s/w up to current releases and ran all available scans.

Nothing bad was found (Spybot found some items and they were all successfully removed).

However, the pc is incredibly slow and often freezes causing me to have to do a hard reboot.

Any help you can provide is greatly appreciated.

Thanks, Steve.

Happili.com and other browser redirects

rengland — Wed, 25 Apr 2012 23:43:50 GMT

Thanks for your help! Here's my DDS file. Attached is the Attach.zip (I hope).

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_29
Run by Randall England at 19:36:33 on 2012-04-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.388 [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {B5510F6F-87E1-47F7-A411-360BC453007C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\randall england\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: []
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\randal~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3D26F10A-C044-406C-BC70-9BAD1BBB187A} : DhcpNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\randall england\application data\mozilla\firefox\profiles\u1gyrest.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\randall england\application data\mozilla\firefox\profiles\u1gyrest.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\randall england\application data\mozilla\firefox\profiles\u1gyrest.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\randall england\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\randall england\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
S2 gupdate1c9f6e5768bb8f0;Google Update Service (gupdate1c9f6e5768bb8f0);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-3-13 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2009-3-13 29584]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-11-7 11520]
.
=============== Created Last 30 ================
.
2012-04-23 23:28:16 -------- d-----w- c:\documents and settings\all users\application data\ClubSanDisk
2012-04-09 07:33:39 97328 ----a-w- c:\windows\system32\vetredir.dll
2012-04-09 07:33:39 202064 ----a-w- c:\windows\system32\Isafprod.dll
2012-04-09 07:33:39 130096 ----a-w- c:\windows\system32\isafeif.dll
2012-04-09 07:27:05 7 ----a-w- c:\windows\system32\mkghj.dll
2012-04-09 07:26:30 200704 ----a-w- c:\windows\system32\ssleay32.dll
2012-04-09 07:26:26 -------- d-----w- c:\windows\rnapxs
2012-04-09 04:05:25 -------- d-----w- c:\program files\iPod
2012-04-08 19:19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-02 09:30:37 -------- d-----w- c:\documents and settings\randall england\local settings\application data\{5BCB26F1-7C8D-11E1-826D-B8AC6F996F26}
2012-04-02 09:30:15 -------- d-----w- c:\documents and settings\randall england\local settings\application data\MSRebar
.
==================== Find3M ====================
.
2012-03-01 01:25:04 832512 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 01:25:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-03-01 01:25:03 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 01:25:03 17408 ----a-w- c:\windows\system32\corpol.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 07:38:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 18:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:37:27.46 ===============

Attached Files

attach.zip (5.7 KB)

Re: W3i.IQ5.fraud Removal

Faizan — Wed, 25 Apr 2012 20:43:34 GMT

Hey i am sorry for my tardy response but i was traveling and managed to fix this problem just by running S&D in administrator mode. The scans do not appear to show any problems but nevertheless i will be posting what was recommended just to see if my system is as clean as i think it is.
The thread i am referring to is
http://forums.spybot.info/showthread...150#post424150

Regards,
Faizan

Attached Files

	ckfiles.txt (1.5 KB)
	aswMBR.txt (2.0 KB)
	ComboFix.txt (28.9 KB)

XP Antispyware 2012 virus

Bread — Wed, 25 Apr 2012 11:34:08 GMT

I have XP antispyware 2012/Internet Security 2012 on my laptop. It boots up when i run internet explorer (try to access internet)I think? via jjv.eve file, so not able to access web. Not possible to download a fix. Have managed to load Superantispyware Portable via memory stick and run quick scan, lots of malware found and deleted but not one listed above:sad: Not able to start up in anything but Normal Mode.
Obviously not been able to run any kind of back up requiring a web link. This post sent via another laptop.
Any ideas spring to mind on a possible fix?

IDP.Trojan.1C8D1A13 & Crypt.AQLW

jacknjaspa — Wed, 25 Apr 2012 03:30:44 GMT

G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.

First can I say before I found your site & had discovered the virus (see notes below) I had tried to run Combofix but it didn't work (i think, as I have lost internet access on my PC)

I hope I've done it right so far??

--------------------------------------------------------------------------
My 7 year old son mainly uses our pc for playing games & printing out coloring in pages etc.

I run AVG & it's now coming up with following;
IDP.Trojan.1C8D1A13 & Crypt.AQLW

I've tried to find a tool to remove it (as avg cant get rid of it) but can't find anything. Don't really know what else to do?

If you can an help me I would really appreciate it (fyi the pc runs xppro).

Cheers Andy

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Cameron at 11:05:22 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1410 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FingerPrint\FingerPrint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\docume~1\cameron\applic~1\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [uipre] rundll32.exe "c:\docume~1\cameron\locals~1\temp\uipre.dll",Vec3TransformCoord
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cameron\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009} : DhcpNameServer = 10.1.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S2 antivirservice;Ctljystk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S2 mcvsrte;Roxmediadb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mks_scan;Z525obex;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nod32krn;Kerbkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 ofcpfwsvc;Websensecpmcommunicationagent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pavdrv;Pnp680r;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotdriver;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotshim;Oracle%oracle_home_service%clientcache80;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 vsdatant;HFACSVC;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\cameron\local settings\application data\NPE
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
2012-04-24 05:08:19 -------- d-----w- c:\documents and settings\all users.windows\application data\COMODO
2012-04-24 05:08:10 -------- d-----w- c:\documents and settings\cameron\application data\Comodo
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Uqycux
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Rofeen
2012-04-22 15:48:12 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Identities
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ypaxad
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ydod
2012-04-20 00:23:16 -------- d-----w- C:\sh4ldr
2012-04-20 00:23:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21:59 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-19 23:49:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-19 23:48:04 -------- d-----w- c:\documents and settings\all users.windows\application data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41:07 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJFAX
2012-04-17 00:40:16 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:40:16 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40:16 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40:16 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:36:39 -------- d-----w- c:\documents and settings\cameron\application data\Canon Easy-WebPrint EX
2012-04-17 00:32:02 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:31:49 74752 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31:49 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31:49 28672 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31:42 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31:39 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-07 08:55:58 -------- d-sh--w- C:\found.000
2012-04-07 07:42:52 -------- d-----w- C:\big w prints
2012-04-07 07:07:12 -------- d-----w- C:\Vuze
2012-04-07 06:48:39 -------- d-----w- C:\To Transfer
2012-04-06 00:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09:26 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
2012-03-28 07:22:27 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex
2012-03-28 07:22:20 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Deployment
2012-03-28 07:19:19 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2012-03-28 07:19:17 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex Media Server
2012-03-28 07:19:01 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-03-28 07:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-03-28 07:18:33 -------- d-----w- c:\windows\Logs
2012-03-28 07:16:08 -------- d-----w- c:\program files\Plex
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\application data\searchquband
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\AppData
.
==================== Find3M ====================
.
2012-04-14 15:02:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:06:10.65 ===============

Attached Files

	dds.txt (14.9 KB)
	attach.zip (13.0 KB)