savanna
2012-03-26, 03:46
I have some sort of virus that’s infected my machine that initially displayed a message about the computer needing a scan. I know I wasn’t supposed to, but out of desperation I ran Spybot, MalwareBytes, TDSSKiller, Eset, and finally Combo-Fix. I used Safe Mode whenever I could. Eset found something called “Virus.Win32.Rloader.a” and Malwarebytes found something called “Virus.Rloader” and three instances of “Heuristics.Reserved.Word.Exploit”. All were removed.
At least now the computer is usable, but I don’t think it’s fully fixed yet. My desktop has lost its original background setting and the TCIP/IP DNS Server settings keep reverting back to a specific value after I set it to automatic and then reboot.
I think it needs a good cleaning with the help of an expert.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bob at 19:36:39 on 2012-03-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1296 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\Program Files\Expedia\Expedia Fare Alert 2.1\ExpediaFareAlert.exe
svchost.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uStart Page = hxxp://twitter.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\expedi~1.lnk - c:\program files\expedia\expedia fare alert 2.1\ExpediaFareAlert.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPDOC.DLL
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npyacs.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Sendori;Sendori;c:\program files\sendori\SendoriSvc.exe [2011-8-5 98168]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-25 20:47:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 20:40:25 -------- d-----w- C:\!! Ant-Virus Temp
2012-03-25 16:13:58 98816 ----a-w- c:\windows\sed.exe
2012-03-25 16:13:58 518144 ----a-w- c:\windows\SWREG.exe
2012-03-25 16:13:58 256000 ----a-w- c:\windows\PEV.exe
2012-03-25 16:13:58 208896 ----a-w- c:\windows\MBR.exe
2012-03-25 13:26:39 -------- d-----w- c:\documents and settings\bob\application data\Seh
2012-03-25 13:26:39 -------- d-----w- c:\documents and settings\bob\application data\Octy
2012-03-20 16:34:51 -------- d-----w- C:\TradeStation Brokerage
2012-03-19 17:09:18 -------- d-----w- c:\documents and settings\bob\local settings\application data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}
2012-03-17 10:44:11 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 10:44:11 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-12 17:11:18 -------- d-----w- c:\documents and settings\bob\application data\Openworld Learning
2012-03-12 17:07:58 -------- d-----w- C:\flashdigger
2012-03-10 12:09:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-10 12:09:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-03-10 12:09:04 818104 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-03-10 12:09:04 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-10 12:09:04 441272 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-03-10 12:09:04 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-03-10 12:09:04 1969080 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-03-10 12:09:04 16312 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-03-10 12:09:04 101304 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-03-10 12:09:03 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-10 12:09:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-09 14:12:36 121208 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-05 22:27:37 -------- d-----w- c:\documents and settings\bob\application data\SendBlaster2
.
==================== Find3M ====================
.
2012-03-25 20:49:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-03-11 12:14:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 01:45:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-01 01:44:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-28 23:38:47 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
.
============= FINISH: 19:38:05.73 ===============
At least now the computer is usable, but I don’t think it’s fully fixed yet. My desktop has lost its original background setting and the TCIP/IP DNS Server settings keep reverting back to a specific value after I set it to automatic and then reboot.
I think it needs a good cleaning with the help of an expert.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bob at 19:36:39 on 2012-03-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1296 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\Program Files\Expedia\Expedia Fare Alert 2.1\ExpediaFareAlert.exe
svchost.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sendori\SendoriSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uStart Page = hxxp://twitter.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
mLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\expedi~1.lnk - c:\program files\expedia\expedia fare alert 2.1\ExpediaFareAlert.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPDOC.DLL
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPJPI142_06.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npyacs.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Sendori;Sendori;c:\program files\sendori\SendoriSvc.exe [2011-8-5 98168]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-25 20:47:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 20:40:25 -------- d-----w- C:\!! Ant-Virus Temp
2012-03-25 16:13:58 98816 ----a-w- c:\windows\sed.exe
2012-03-25 16:13:58 518144 ----a-w- c:\windows\SWREG.exe
2012-03-25 16:13:58 256000 ----a-w- c:\windows\PEV.exe
2012-03-25 16:13:58 208896 ----a-w- c:\windows\MBR.exe
2012-03-25 13:26:39 -------- d-----w- c:\documents and settings\bob\application data\Seh
2012-03-25 13:26:39 -------- d-----w- c:\documents and settings\bob\application data\Octy
2012-03-20 16:34:51 -------- d-----w- C:\TradeStation Brokerage
2012-03-19 17:09:18 -------- d-----w- c:\documents and settings\bob\local settings\application data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}
2012-03-17 10:44:11 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 10:44:11 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-12 17:11:18 -------- d-----w- c:\documents and settings\bob\application data\Openworld Learning
2012-03-12 17:07:58 -------- d-----w- C:\flashdigger
2012-03-10 12:09:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-03-10 12:09:05 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-03-10 12:09:04 818104 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-03-10 12:09:04 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-10 12:09:04 441272 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-03-10 12:09:04 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-03-10 12:09:04 1969080 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2012-03-10 12:09:04 16312 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-03-10 12:09:04 101304 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-03-10 12:09:03 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-03-10 12:09:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-09 14:12:36 121208 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-03-05 22:27:37 -------- d-----w- c:\documents and settings\bob\application data\SendBlaster2
.
==================== Find3M ====================
.
2012-03-25 20:49:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-03-11 12:14:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-02-01 01:45:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-01 01:44:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-28 23:38:47 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
.
============= FINISH: 19:38:05.73 ===============