Results 1 to 7 of 7

Thread: Help Remove Win32.PUP Bandoo (800)

  1. #1
    Member
    Join Date
    Feb 2008
    Posts
    60

    Default Help Remove Win32.PUP Bandoo (800)

    Please help me remove this malware


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dell XPS Andy at 10:45:48 on 2012-03-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9607 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\1Password\Agile1pService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
    C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Dell XPS Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files (x86)\1Password\Agile1pAgent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [QuickGammaResume]
    uRun: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
    uRun: [EPSON Stylus Photo R1800] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_S88DE.tmp" /EF "HKCU"
    uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN18K1K17805KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    dRun: [EPSON Stylus Photo R1800 (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_S8D12.tmp" /EF "HKCU"
    StartupFolder: C:\Users\DELLXP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dell XPS Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{5F768F60-6C7F-4113-AC2A-3E885C0AF23D} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~2\1PASSW~1\AGILE1~1.DLL
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/31 00:35:36];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-31 146928]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2011-4-23 768776]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-2-14 133944]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-29 1153368]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
    R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
    R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-18 17152]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 atillk64;atillk64;C:\dell\drivers\R267410\atillk64.sys [2011-4-25 14608]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-31 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-31 79360]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-20 136176]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-31 656624]
    .
    =============== Created Last 30 ================
    .
    2012-03-19 03:53:53 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2012-03-19 03:47:19 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2012-03-19 03:47:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2012-03-16 16:43:45 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8907221B-9AE6-42B9-81F1-5CB0FB6C8B0A}\mpengine.dll
    2012-03-14 20:33:05 -------- d-----w- C:\Program Files\iPod
    2012-03-14 20:33:04 -------- d-----w- C:\Program Files\iTunes
    2012-03-14 20:33:04 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-03-14 07:01:58 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 07:01:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 07:01:57 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 06:16:52 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 06:16:51 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 06:16:51 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 06:16:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 06:16:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 06:16:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 06:16:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 06:16:35 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 06:16:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-14 06:16:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-09 18:59:18 -------- d-----w- C:\Users\Dell XPS Andy\AppData\Local\ElevatedDiagnostics
    2012-03-01 14:38:23 -------- d-----w- C:\Users\Dell XPS Andy\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
    2012-03-01 14:27:09 -------- d-----w- C:\Program Files (x86)\Xtend
    .
    ==================== Find3M ====================
    .
    2012-03-19 03:48:51 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2012-03-14 12:10:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-08 20:21:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-02-14 17:35:15 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe
    2012-02-14 17:35:15 133944 ----a-w- C:\Windows\SysWow64\atashost.exe
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 10:46:10.76 ===============
    Attached Files Attached Files

  2. #2
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,498

    Default

    Hi,

    Do you have a log showing item that was detected as mentioned pest?
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Feb 2008
    Posts
    60

    Default

    Hi Blade,

    I used CCleaner and I don't think a log is available.

  4. #4
    Member
    Join Date
    Feb 2008
    Posts
    60

    Default

    Sorry Blade, I must have been half asleep when I replied earlier. Here is the lof file from AdAware



    Logfile created: 3/19/2012 07:46:12
    Ad-Aware version: 9.6.0
    Extended engine: 3
    Extended engine version: 3.1.2770
    User performing scan: Dell XPS Andy

    *********************** Definitions database information ***********************
    Lavasoft definition file: 150.759
    Genotype definition file version: 2012/02/13 12:34:34
    Extended engine definition file: 11682.0

    ******************************** Scan results: *********************************
    Scan profile name: Full Scan (ID: full)
    Objects scanned: 263780
    Objects detected: 1


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 1
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 0
    Browser hijacks.: 0
    MRU objects.....: 0



    Skipped items:
    Description: c:\users\dell xps andy\downloads\ilividsetupv1.exe Family Name: Win32.PUP.Bandoo[800] Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 03a502fd5212c95f0158e2ab158cf2fc

    Scan and cleaning complete: Finished correctly after 4490 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: full, enabled:1, value: Full Scan
    ID: folderstoscan, enabled:1, value: C:\
    ID: useantivirus, enabled:1, value: true
    ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
    ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: N/A

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
    ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
    ID: time, enabled:1, value: Sun Mar 18 23:47:00 2012
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
    ID: time, enabled:1, value: Sun Mar 18 05:47:00 2012
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
    ID: time, enabled:1, value: Sun Mar 18 11:47:00 2012
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
    ID: time, enabled:1, value: Sun Mar 18 17:47:00 2012
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
    ID: time, enabled:1, value: Sun Mar 18 23:47:00 2012
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: true
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: true
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: autoentertainmentmode, enabled:1, value: true
    ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
    ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
    ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
    ID: maintainbackup, enabled:1, value: true
    ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true


    ****************************** System information ******************************
    Computer name: DELLXPS-PC
    Processor name: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Processor identifier: Intel64 Family 6 Model 26 Stepping 5
    Processor speed: ~2660MHZ
    Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 6661, number of processors 8, processor features: [MMX,SSE,SSE2,SSE3]
    Physical memory available: 10353901568 bytes
    Physical memory total: 12875452416 bytes
    Virtual memory available: 1846116352 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 19%
    Microsoft Service Pack 1 (build 7601)
    Windows startup mode:

    Running processes:
    PID: 352 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 456 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 544 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 568 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 604 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 612 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 620 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 724 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 784 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 860 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 928 name: C:\Windows\System32\atiesrxx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 972 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1008 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 144 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 660 name: C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 556 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1040 name: C:\Program Files\Dell\DellDock\DockLogin.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1100 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1188 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1312 name: C:\Windows\System32\atieclxx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1468 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1496 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1848 name: C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1920 name: C:\Program Files (x86)\1Password\Agile1pService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1988 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2036 name: C:\Windows\SysWOW64\atashost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1088 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1236 name: C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1664 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1940 name: C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 2116 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 2172 name: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2236 name: C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2300 name: C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2348 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2380 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2456 name: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2656 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2780 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2444 name: C:\Windows\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 3200 name: C:\Windows\System32\taskhost.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3392 name: C:\Windows\System32\dwm.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3408 name: C:\Windows\explorer.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3660 name: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3672 name: C:\Windows\System32\conhost.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3780 name: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3916 name: C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4036 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4048 name: C:\Program Files\Microsoft IntelliType Pro\itype.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4056 name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 2896 name: C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 704 name: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3368 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3108 name: C:\Users\Dell XPS Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3404 name: C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3504 name: C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3152 name: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3276 name: C:\Program Files (x86)\1Password\Agile1pAgent.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3632 name: C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 2600 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 2584 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3856 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3800 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3688 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 3128 name: C:\Windows\System32\conhost.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4320 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 4364 name: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4524 name: C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 4008 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 656 name: C:\Windows\System32\vds.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3712 name: C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 284 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 424 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 392 name: C:\Windows\System32\SearchProtocolHost.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 792 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2624 name: C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 3656 name: C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe owner: Dell XPS Andy domain: DellXPS-PC
    PID: 2132 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETWORK SERVICE domain: NT AUTHORITY

    Startup items:
    Name: PDVDDXSrv
    imagepath: "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    Name: GrooveMonitor
    imagepath: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    Name: StartCCC
    imagepath: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    Name: dellsupportcenter
    imagepath: "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    Name: AppleSyncNotifier
    imagepath: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    Name: APSDaemon
    imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    Name: QuickTime Task
    imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Name: Agile1pAgent
    imagepath: C:\Program Files (x86)\1Password\Agile1pAgent.exe
    Name: Adobe Reader Speed Launcher
    imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Name: Adobe ARM
    imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Name: SunJavaUpdateSched
    imagepath: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    Name: iTunesHelper
    imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    Name: EPSON Stylus Photo R1800 (Copy 1)
    imagepath: C:\Windows\system32\spool\DRIVERS\x64\3\E_IATI9LA.EXE /FU "C:\Windows\TEMP\E_S8D12.tmp" /EF "HKCU"
    Name: "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    imagepath: "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    Name: Launcher
    imagepath: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    Name: STToasterLauncher
    imagepath: C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    Name: WebCheck
    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name:
    location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    imagepath: C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    Name:
    imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    Name:
    imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    Bootexecute items:
    Name:
    imagepath: autocheck autochk *
    Name:
    imagepath: lsdelete

    Running services:
    Name: AdobeActiveFileMonitor8.0
    displayname: Adobe Active File Monitor V8
    Name: AeLookupSvc
    displayname: Application Experience
    Name: Agile1Password
    displayname: 1Password
    Name: AMD External Events Utility
    displayname: AMD External Events Utility
    Name: Apple Mobile Device
    displayname: Apple Mobile Device
    Name: atashost
    displayname: WebEx Service Host for Support Center
    Name: AudioEndpointBuilder
    displayname: Windows Audio Endpoint Builder
    Name: AudioSrv
    displayname: Windows Audio
    Name: BFE
    displayname: Base Filtering Engine
    Name: BITS
    displayname: Background Intelligent Transfer Service
    Name: Bonjour Service
    displayname: Bonjour Service
    Name: Browser
    displayname: Computer Browser
    Name: btwdins
    displayname: Bluetooth Service
    Name: CryptSvc
    displayname: Cryptographic Services
    Name: CTAudSvcService
    displayname: Creative Audio Service
    Name: DcomLaunch
    displayname: DCOM Server Process Launcher
    Name: Dhcp
    displayname: DHCP Client
    Name: Dnscache
    displayname: DNS Client
    Name: DockLoginService
    displayname: Dock Login Service
    Name: DPS
    displayname: Diagnostic Policy Service
    Name: eventlog
    displayname: Windows Event Log
    Name: EventSystem
    displayname: COM+ Event System
    Name: fdPHost
    displayname: Function Discovery Provider Host
    Name: FDResPub
    displayname: Function Discovery Resource Publication
    Name: FontCache
    displayname: Windows Font Cache Service
    Name: FontCache3.0.0.0
    displayname: Windows Presentation Foundation Font Cache 3.0.0.0
    Name: gpsvc
    displayname: Group Policy Client
    Name: hidserv
    displayname: Human Interface Device Access
    Name: HomeGroupProvider
    displayname: HomeGroup Provider
    Name: IAANTMON
    displayname: Intel(R) Matrix Storage Event Monitor
    Name: IKEEXT
    displayname: IKE and AuthIP IPsec Keying Modules
    Name: IPBusEnum
    displayname: PnP-X IP Bus Enumerator
    Name: iphlpsvc
    displayname: IP Helper
    Name: iPod Service
    displayname: iPod Service
    Name: LanmanServer
    displayname: Server
    Name: LanmanWorkstation
    displayname: Workstation
    Name: Lavasoft Ad-Aware Service
    displayname: Lavasoft Ad-Aware Service
    Name: lmhosts
    displayname: TCP/IP NetBIOS Helper
    Name: MMCSS
    displayname: Multimedia Class Scheduler
    Name: MpsSvc
    displayname: Windows Firewall
    Name: Netman
    displayname: Network Connections
    Name: netprofm
    displayname: Network List Service
    Name: NlaSvc
    displayname: Network Location Awareness
    Name: nsi
    displayname: Network Store Interface Service
    Name: PcaSvc
    displayname: Program Compatibility Assistant Service
    Name: PlugPlay
    displayname: Plug and Play
    Name: Power
    displayname: Power
    Name: ProfSvc
    displayname: User Profile Service
    Name: RpcEptMapper
    displayname: RPC Endpoint Mapper
    Name: RpcSs
    displayname: Remote Procedure Call (RPC)
    Name: SamSs
    displayname: Security Accounts Manager
    Name: SBSDWSCService
    displayname: SBSD Security Center Service
    Name: Schedule
    displayname: Task Scheduler
    Name: SDRSVC
    displayname: Windows Backup
    Name: SeaPort
    displayname: SeaPort
    Name: SENS
    displayname: System Event Notification Service
    Name: ShellHWDetection
    displayname: Shell Hardware Detection
    Name: Spooler
    displayname: Print Spooler
    Name: sprtsvc_DellSupportCenter
    displayname: SupportSoft Sprocket Service (DellSupportCenter)
    Name: SSDPSRV
    displayname: SSDP Discovery
    Name: stisvc
    displayname: Windows Image Acquisition (WIA)
    Name: SysMain
    displayname: Superfetch
    Name: TermService
    displayname: Remote Desktop Services
    Name: Themes
    displayname: Themes
    Name: TrkWks
    displayname: Distributed Link Tracking Client
    Name: UxSms
    displayname: Desktop Window Manager Session Manager
    Name: vds
    displayname: Virtual Disk
    Name: WDDMService
    displayname: WDDMService
    Name: WDFME
    displayname: WD File Management Engine
    Name: WdiServiceHost
    displayname: Diagnostic Service Host
    Name: WdiSystemHost
    displayname: Diagnostic System Host
    Name: WDSC
    displayname: WD File Management Shadow Engine
    Name: WinDefend
    displayname: Windows Defender
    Name: WinHttpAutoProxySvc
    displayname: WinHTTP Web Proxy Auto-Discovery Service
    Name: Winmgmt
    displayname: Windows Management Instrumentation
    Name: WMPNetworkSvc
    displayname: Windows Media Player Network Sharing Service
    Name: WPDBusEnum
    displayname: Portable Device Enumerator Service
    Name: wscsvc
    displayname: Security Center
    Name: WSearch
    displayname: Windows Search
    Name: wuauserv
    displayname: Windows Update
    Name: wudfsvc
    displayname: Windows Driver Foundation - User-mode Driver Framework

  5. #5
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,498

    Default

    Sorry Blade, I must have been half asleep when I replied earlier.
    No problem

    Let Ad-Aware remove its finding (delete c:\users\dell xps andy\downloads\ilividsetupv1.exe manually if needed). Any symptoms with the system?
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #6
    Member
    Join Date
    Feb 2008
    Posts
    60

    Default Thanks Blade

    Sorry for the delay in responding. I did as you suggested and all seems to be working well. Thanks again for providing this awesome service.

  7. #7
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,498

    Thumbs up You're welcome

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft MVP Consumer Security 2008-2014
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •