Fraud.Facebook.Messenger



sing4us
2012-07-06, 04:28
Spybot S&D detected this on my computer but could not remove it. Cannot find the files as described in the Manual Removal Guide for Fraud.Facebook.Messenger. Thank you in advance for any help.

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by j at 21:10:39 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9789 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\j\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\Users\j\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - F:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{02076537-BADA-42FB-B56A-D7D66AB8798B} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{EBAE774C-CC97-40BF-9373-E4C06B121D07} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\geanyyh1.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\j\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-7-3 469136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-4 1262400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-24 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 acs6nts;acs6nts;C:\Windows\system32\DRIVERS\acs6nts.sys --> C:\Windows\system32\DRIVERS\acs6nts.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-07-06 01:10:14 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{974EC4C1-FD3E-4836-A89A-C8150E1A8A96}\mpengine.dll
2012-07-05 01:21:01 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-05 01:21:01 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-05 01:21:01 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-05 01:21:01 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-05 01:21:01 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-07-05 01:21:01 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-05 00:08:00 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 13:50:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788FCD2C-68F3-49B1-A3AE-05F1583A6960}\gapaengine.dll
2012-06-26 04:21:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-26 04:21:34 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-23 06:26:42 -------- d-----w- C:\Users\j\AppData\Local\SCE
2012-06-22 03:54:04 -------- d-----w- C:\Users\j\AppData\Local\Chromium
2012-06-21 05:13:55 -------- d-----w- C:\Users\j\AppData\Roaming\fltk.org
2012-06-21 05:13:55 -------- d-----w- C:\ProgramData\fltk.org
2012-06-19 02:50:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:50:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:50:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 02:50:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 01:11:28 -------- d-----w- C:\Users\j\AppData\Local\Macromedia
2012-06-11 22:10:41 -------- d-----w- C:\Users\j\AppData\Roaming\Braid
2012-06-10 03:32:31 -------- d-----w- C:\Users\j\AppData\Roaming\LoneSurvivor
.
==================== Find3M ====================
.
2012-07-05 00:01:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 00:01:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-19 14:36:03 45320 ----a-w- C:\Windows\SysWow64\certsentry.dll
2012-05-19 14:35:33 54024 ----a-w- C:\Windows\System32\certsentry.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-16 18:25:18 249856 ------w- C:\Windows\Setup1.exe
2012-05-16 18:25:17 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-05-16 18:14:18 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-16 18:14:17 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 05:56:11 2829 ----a-w- C:\Windows\DiabUnin.pif
2012-05-14 05:56:11 118784 ----a-w- C:\Windows\DiabUnin.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 03:45:29 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-02 03:45:29 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 21:12:12.82 ===============


Spybot S&D Log:

--- Report generated: 2012-07-05 00:39 ---

Fraud.Facebook.Messenger: [SBI $63375265] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\Software\Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}

Fraud.Facebook.Messenger: [SBI $9191B288] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\Software\Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}

Fraud.Facebook.Messenger: [SBI $6D1029B1] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser

Fraud.Facebook.Messenger: [SBI $7F45EA00] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\Software\Classes\FacebookUpdate.OnDemandCOMClassUser.1.0

Fraud.Facebook.Messenger: [SBI $59117437] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\Software\Facebook

Fraud.Facebook.Messenger: [SBI $62F77180] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}

Fraud.Facebook.Messenger: [SBI $9051916D] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}

Fraud.Facebook.Messenger: [SBI $573FFD1B] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{132885F2-8DE9-40F2-BEAE-1B31FDBAB159}

Fraud.Facebook.Messenger: [SBI $BAA66334] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3B692A7D-330E-4388-A955-724500AC0BC5}

Fraud.Facebook.Messenger: [SBI $C061D222] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{649D9E01-9847-4EE9-9145-2CB4BC8298D0}

Fraud.Facebook.Messenger: [SBI $6B188C64] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{71692661-DCBA-484A-BD41-A39404532B52}

Fraud.Facebook.Messenger: [SBI $D849531E] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B72C7377-0AA5-4F52-BDA2-85C4D1DB930E}

Fraud.Facebook.Messenger: [SBI $06D47759] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D0843545-5E7C-4C6D-B4E2-05948F759440}

Fraud.Facebook.Messenger: [SBI $CBFA731D] Autorun settings (Facebook Update) (Registry value, nothing done)
HKEY_USERS\S-1-5-21-360905244-1516868902-3729268617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Facebook Update

Fraud.Facebook.Messenger: [SBI $CBFA731D] Program file (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\FacebookUpdate.exe
Properties.size=137536
Properties.md5=FCC7C432FBF465C38FD5D940580EF9B7
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $917BFFAB] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\

Fraud.Facebook.Messenger: [SBI $21F6393C] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\CrashReports\

Fraud.Facebook.Messenger: [SBI $05D5B32B] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\

Fraud.Facebook.Messenger: [SBI $32DFB147] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\

Fraud.Facebook.Messenger: [SBI $A3326F91] Executable (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
Properties.size=137536
Properties.md5=FCC7C432FBF465C38FD5D940580EF9B7
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $0882F4BD] Executable (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
Properties.size=137536
Properties.md5=FCC7C432FBF465C38FD5D940580EF9B7
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $1A9E005F] Executable (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
Properties.size=26112
Properties.md5=2377EBEE9CEF900891BBC13B0A00BFD3
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $1E22B0D0] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
Properties.size=686912
Properties.md5=5F3D08EB54D3B707290874E2A2541096
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $C0703DE7] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
Properties.size=25920
Properties.md5=0CAF2E8332BBC22091E1C761D4199884
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $BF28B1AC] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
Properties.size=28992
Properties.md5=1301F1EF03AEEB2841C042A82587D690
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $26437A43] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
Properties.size=27968
Properties.md5=91450D0B9324C6FAADCDF609EBCDFDC3
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $8B3E4A60] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
Properties.size=28480
Properties.md5=9237D534E09BBA16D2183EC7201A9DB6
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $0756FB5C] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
Properties.size=27968
Properties.md5=676DF9C1DF1206B6DCDD704C02352FD5
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $B5F3B0C0] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
Properties.size=27968
Properties.md5=1BEA12019302AFCEF66357A5D52C0DD9
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $83DB18A1] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
Properties.size=29504
Properties.md5=CB0077D51823AEC6D088BF046EA6C412
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $741C9662] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
Properties.size=30016
Properties.md5=DB9ADAC98D8FA91617C39DC5CEF7324A
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $76470121] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
Properties.size=26944
Properties.md5=569A65D848C81102ED818D851CF9960F
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $106AA51F] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
Properties.size=26944
Properties.md5=ACE7A4B51E2847BF93DDEAE1FBD304BF
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $8D93C0F6] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
Properties.size=29504
Properties.md5=FD27B889574854AF48E348B520C206A9
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $74BEB732] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
Properties.size=27968
Properties.md5=76C3D735D7705272796838F7A630B4E2
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $DC577C1A] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
Properties.size=27456
Properties.md5=3492BAFEDC0BD78F123D2608DD01AC96
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $A60470A4] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
Properties.size=26432
Properties.md5=25A0AED23D27401C73F552EF51EF6C41
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $5EED0071] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
Properties.size=27968
Properties.md5=BEAFA1C2200B45434A142CE554EEAF67
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $D4A718C0] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
Properties.size=28992
Properties.md5=B8443EC747041AA2A50399FECB56529F
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $BAE04299] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
Properties.size=29504
Properties.md5=FC8325C5133F673210DFF23F88DF773D
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $F886BE43] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
Properties.size=27968
Properties.md5=A6B28F6991DA351003216446AE63FF50
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $FF8E3203] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
Properties.size=27456
Properties.md5=C07627A9082B1E549CC3B0594FCCCC60
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $3B312B40] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
Properties.size=28480
Properties.md5=7077EF57E58100A63EDB06C0FE6F5B2F
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $393A33D7] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
Properties.size=28992
Properties.md5=AFD971D685FF8E9C22252988E3FA827C
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:45

Fraud.Facebook.Messenger: [SBI $E77DA7B5] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
Properties.size=27456
Properties.md5=92F468CFB0C30BFA86665111F481EC18
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $088D8DA7] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
Properties.size=27456
Properties.md5=2301B129B0390FDC4B8CEA00C6D2EF8A
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $08310182] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
Properties.size=28992
Properties.md5=E8CAE66666DC4776365CD4C4907735A4
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $07BD1032] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
Properties.size=24896
Properties.md5=2BA1866ACD2F3A8D154A2E8033F063C6
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $E72DF6E1] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
Properties.size=23360
Properties.md5=13275AA919F107C81B9EDD6998D71A5C
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $E0CD0DB6] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
Properties.size=27456
Properties.md5=BCD36EE98BD650D1E006718850A4D83D
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $D87129DB] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
Properties.size=23360
Properties.md5=DE40A67E948F717448169061C80E4135
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $C67188F9] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
Properties.size=27456
Properties.md5=3F9039DBABE3A6D2025B635805734049
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $1769D961] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
Properties.size=28480
Properties.md5=56E5B97361F9E7F071E022113239EFC8
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $AE8C6D31] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
Properties.size=30528
Properties.md5=B9BB000B3E248388CD3F425881BF8022
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $19F00E02] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
Properties.size=27456
Properties.md5=153D4BC8C96E8E49CB928C15A4391463
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $53C9C6EB] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
Properties.size=27456
Properties.md5=5B65952605E1A89ADAF595B11A2F0621
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $2278A514] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
Properties.size=28992
Properties.md5=AF9979F2403DCDC3343C53A802D49AA3
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $EC3384E4] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
Properties.size=27968
Properties.md5=CEF23029D93B7D844F4CC3E698D24A0D
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $E182BA82] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
Properties.size=27968
Properties.md5=32B23EBAD11BB8DEEA59BB1828BE72A0
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $75268DF5] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
Properties.size=28992
Properties.md5=A3C6757434FCE8512ACEC595365D29F4
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $14190684] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
Properties.size=28480
Properties.md5=F5EF1BF9D63CF68732974A77B9B576FE
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $B08CE60A] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
Properties.size=27968
Properties.md5=34E194593ADC90B2686E6A517FE9AC7A
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $DCC31BFF] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
Properties.size=28992
Properties.md5=0F4B75BAA342E5BE3C421AF1F961B05F
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $A8509526] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
Properties.size=27456
Properties.md5=59F29A804A73FEBFB9EA079430E0CE37
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $38F645A4] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
Properties.size=27968
Properties.md5=C2AC21C45EF1E8E45E99A1F2DEF50BAD
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $DF4D0F89] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
Properties.size=28480
Properties.md5=4C4E873787DB4323A128B95A1A50B739
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $EE9C755B] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
Properties.size=27968
Properties.md5=67A25E2599D155908AD979594F613A7A
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $108B17A1] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
Properties.size=27456
Properties.md5=4BD4C281B6F69DADB6A3791139D111F4
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $F468730F] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
Properties.size=28992
Properties.md5=A4BA3B15244DA0766D34CAA35F20B7FC
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $83B2CCCB] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
Properties.size=28480
Properties.md5=0C9AD2C2D90322A10470B478FED4F771
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $06C3B288] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
Properties.size=26432
Properties.md5=271ACC5FF8F6592DACAA75E2168D886A
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $1164144A] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
Properties.size=27968
Properties.md5=9C95CC2930EFB25E71B5CCC455596F39
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $2B79FAC0] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
Properties.size=27968
Properties.md5=300447CCC836FB2334E65A1E69022B99
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $231F51C3] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
Properties.size=27456
Properties.md5=48FFD635FA2D9231A77C337D2F08C238
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $B1399BFD] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
Properties.size=26944
Properties.md5=D8134527C83DA7E7AA24AF6DE192452F
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $BDCB35F1] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
Properties.size=21312
Properties.md5=F3D8E8ECE88065BEC19C7F66C95DAF87
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $7B14CC0D] Library (File, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
Properties.size=21312
Properties.md5=D2848BC8A517A9D8CF53EEB330DCD2D0
Properties.filedate=1332127726
Properties.filedatetext=2012-03-18 23:28:46

Fraud.Facebook.Messenger: [SBI $CC858234] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\Download\

Fraud.Facebook.Messenger: [SBI $EA825272] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\Manifest\

Fraud.Facebook.Messenger: [SBI $EB8149C2] Program directory (Directory, nothing done)
C:\Users\j\AppData\Local\Facebook\Update\Manifest\Initial\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-12-24 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-07-03 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-06-19 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-06-18 Includes\Malware.sbi (*)
2012-07-03 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-06-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-07-02 Includes\TrojansC-02.sbi (*)
2012-06-21 Includes\TrojansC-03.sbi (*)
2012-06-25 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-07-03 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81
2012-07-13, 14:49
Hi,

If help is still needed, post fresh DDS logs.

sing4us
2012-07-14, 03:22
Hello,

I do not know if this is relevant, but ERUNT was unable to make backups, and Spybot has been unable to detect the Trojan since the first time.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by j at 20:15:41 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10171 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
F:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\j\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\j\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - F:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{02076537-BADA-42FB-B56A-D7D66AB8798B} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{EBAE774C-CC97-40BF-9373-E4C06B121D07} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\geanyyh1.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\j\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-7-3 469136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-4 1262400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-24 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S0 acs6nts;acs6nts;C:\Windows\system32\DRIVERS\acs6nts.sys --> C:\Windows\system32\DRIVERS\acs6nts.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-07-11 20:40:05 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:05:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 18:59:26 -------- d--h--w- C:\ProgramData\Common Files
2012-07-11 18:59:26 -------- d-----w- C:\ProgramData\MFAData
2012-07-06 01:10:14 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{974EC4C1-FD3E-4836-A89A-C8150E1A8A96}\mpengine.dll
2012-07-05 01:21:01 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-05 01:21:01 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-05 01:21:01 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-05 01:21:01 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-05 01:21:01 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-07-05 01:21:01 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-05 00:08:00 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 13:50:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788FCD2C-68F3-49B1-A3AE-05F1583A6960}\gapaengine.dll
2012-06-26 04:21:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-26 04:21:34 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-23 06:26:42 -------- d-----w- C:\Users\j\AppData\Local\SCE
2012-06-22 03:54:04 -------- d-----w- C:\Users\j\AppData\Local\Chromium
2012-06-21 05:13:55 -------- d-----w- C:\Users\j\AppData\Roaming\fltk.org
2012-06-21 05:13:55 -------- d-----w- C:\ProgramData\fltk.org
2012-06-19 02:50:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:50:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:50:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 02:50:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 01:11:28 -------- d-----w- C:\Users\j\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2012-07-14 00:13:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 00:13:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-19 14:36:03 45320 ----a-w- C:\Windows\SysWow64\certsentry.dll
2012-05-19 14:35:33 54024 ----a-w- C:\Windows\System32\certsentry.dll
2012-05-16 18:25:18 249856 ------w- C:\Windows\Setup1.exe
2012-05-16 18:25:17 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-05-16 18:14:18 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-16 18:14:17 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-14 05:56:11 2829 ----a-w- C:\Windows\DiabUnin.pif
2012-05-14 05:56:11 118784 ----a-w- C:\Windows\DiabUnin.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 03:45:29 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-02 03:45:29 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 20:17:40.96 ===============

Blade81
2012-07-14, 10:33
Hi,


I do not know if this is relevant, but ERUNT was unable to make backups, and Spybot has been unable to detect the Trojan since the first time.
ERUNT issue can be ignored. It seems either Spybot or some other program removed the problem if it's not showing up in scans anymore.


Are you able to update Microsoft Security Essentials? It shows as outdated.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 5 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.



Post back its report & a fresh dds.txt log.
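The Java clean-up above is done by hand through Add/Remove Programs. The script below is an added example, not part of the thread or of any tool mentioned in it: it lists every JRE registered on a 64-bit Windows 7 machine (both the 64-bit and the Wow6432Node registry views, since the 32-bit runtime is the one a 32-bit browser plugin loads), flags anything older than the release the post asks for, and optionally removes the outdated ones silently. It assumes JRE 7 Update 5 (registry DisplayVersion 7.0.50) is the current release, as it was when the post was written, and that the JRE was installed by Oracle's MSI-based installer so its uninstall string carries a product GUID; the syntax stays within what Windows PowerShell 2.0 on Windows 7 accepts. Run it from an elevated prompt.

```powershell
# Added example, not from the thread: inventory installed Java runtimes, flag the
# outdated ones and (with -Remove) uninstall them silently. Assumptions: JRE 7u5
# (DisplayVersion 7.0.50) is current; uninstall entries are MSI-based.
param([switch]$Remove)

$Latest = [version]'7.0.50'   # JRE 7 Update 5; raise this to whatever is current

# A 64-bit JRE registers under CurrentVersion\Uninstall; the 32-bit JRE that
# 32-bit browsers and their plugins use registers under Wow6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Display names look like "Java(TM) 6 Update 31", "Java 7 Update 5" or
    # "J2SE Runtime Environment 5.0 Update 22"; "Java Auto Updater" is skipped.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java\(TM\)|Java \d|J2SE)' } |
        ForEach-Object {
            $ver = $null
            try { $ver = [version]$_.DisplayVersion } catch { }
            $bitness = 'x64'
            if ($_.PSPath -match 'Wow6432Node') { $bitness = 'x86' }
            New-Object PSObject -Property @{
                Name            = $_.DisplayName
                Version         = $ver
                Bitness         = $bitness
                UninstallString = $_.UninstallString
                Outdated        = (($ver -eq $null) -or ($ver -lt $Latest))
            }
        }
}

# The runtime a 32-bit browser plugin will load; Oracle's installer records it
# under JavaSoft\Java Runtime Environment\CurrentVersion and <version>\JavaHome.
function Get-BrowserJavaHome {
    $k = 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    $cur = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).CurrentVersion
    if ($cur) { (Get-ItemProperty -Path "$k\$cur" -ErrorAction SilentlyContinue).JavaHome }
}

$java = @(Get-InstalledJava)
if (-not $java) { Write-Host 'No Java runtime is registered on this machine.'; return }

$java | Sort-Object Bitness, Version | Format-Table Name, Version, Bitness, Outdated -AutoSize
Write-Host "32-bit browser runtime: $(Get-BrowserJavaHome)"

foreach ($j in ($java | Where-Object { $_.Outdated })) {
    # Oracle's uninstall strings look like: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
    if ($j.UninstallString -match '\{[0-9A-F-]{36}\}') {
        $args = "/x $($Matches[0]) /qn /norestart"
        if ($Remove) {
            Write-Host "Removing $($j.Name): msiexec.exe $args"
            Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait
        } else {
            Write-Host "Outdated: $($j.Name)  (re-run with -Remove, or: msiexec.exe $args)"
        }
    } else {
        Write-Host "Outdated, non-MSI entry, remove via Add/Remove Programs: $($j.Name)"
    }
}
```

Run it once without -Remove to see the inventory, then with -Remove, reboot as the post says, and only then install jre-7u5-windows-i586.exe; the first DDS log in this thread shows BrowserJavaVersion 1.6.0_31, which is exactly the kind of stale 32-bit runtime the Wow6432Node view catches and a 64-bit-only check would miss.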

sing4us
2012-07-14, 22:32
Hello,

Here are the results.

ESET:
C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip Win32/Bagle.gen.zip worm


DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by j at 15:26:24 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8566 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\j\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\j\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - F:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{02076537-BADA-42FB-B56A-D7D66AB8798B} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{EBAE774C-CC97-40BF-9373-E4C06B121D07} : DhcpNameServer = 192.168.1.1 71.252.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\j\AppData\Roaming\Mozilla\Firefox\Profiles\geanyyh1.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\j\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
FF - plugin: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-7-3 469136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-4 1262400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-24 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S0 acs6nts;acs6nts;C:\Windows\system32\DRIVERS\acs6nts.sys --> C:\Windows\system32\DRIVERS\acs6nts.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
.
=============== Created Last 30 ================
.
2012-07-14 18:09:00 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-14 18:07:31 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-14 18:07:31 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-14 18:02:54 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-14 18:00:05 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E74CF779-E89D-4E33-8BBB-E8DB98C7865A}\mpengine.dll
2012-07-14 04:37:42 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 20:40:05 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:05:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 18:59:26 -------- d--h--w- C:\ProgramData\Common Files
2012-07-11 18:59:26 -------- d-----w- C:\ProgramData\MFAData
2012-07-05 01:21:01 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-07-05 01:21:01 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-07-05 01:21:01 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-07-05 01:21:01 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-07-05 01:21:01 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-07-05 01:21:01 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-07-03 13:50:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{788FCD2C-68F3-49B1-A3AE-05F1583A6960}\gapaengine.dll
2012-06-26 04:21:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-26 04:21:34 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-23 06:26:42 -------- d-----w- C:\Users\j\AppData\Local\SCE
2012-06-22 03:54:04 -------- d-----w- C:\Users\j\AppData\Local\Chromium
2012-06-21 05:13:55 -------- d-----w- C:\Users\j\AppData\Roaming\fltk.org
2012-06-21 05:13:55 -------- d-----w- C:\ProgramData\fltk.org
2012-06-19 02:50:16 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 02:50:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 02:50:07 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 02:50:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-14 00:13:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 00:13:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-19 14:36:03 45320 ----a-w- C:\Windows\SysWow64\certsentry.dll
2012-05-19 14:35:33 54024 ----a-w- C:\Windows\System32\certsentry.dll
2012-05-16 18:25:18 249856 ------w- C:\Windows\Setup1.exe
2012-05-16 18:25:17 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-05-16 18:14:18 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-16 18:14:17 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-14 05:56:11 2829 ----a-w- C:\Windows\DiabUnin.pif
2012-05-14 05:56:11 118784 ----a-w- C:\Windows\DiabUnin.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 03:45:29 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-02 03:45:29 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 15:28:14.53 ===============

Blade81
2012-07-14, 23:59
Hi,

Go to C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery folder and delete FraudFacebookMessenger14.zip file.

Then go to C:\ProgramData\Spybot - Search & Destroy\Recovery folder and delete FraudFacebookMessenger14.zip.

Finally, go to C:\Users\All Users\Spybot - Search & Destroy\Recovery folder and delete FraudFacebookMessenger14.zip file.

Any issues left?
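The three paths above are not three files. On Windows Vista and 7, C:\Documents and Settings is a junction to C:\Users and C:\Users\All Users is a junction to C:\ProgramData, so all three point at the same zip under C:\ProgramData, which is Spybot's quarantine copy of the original detection (the Recovery folder, file named after the detection). The script below is an added example, not part of the thread or of Spybot: it shows which of the reported paths go through a junction, hashes the file before deleting it so the sample can still be looked up later, and then deletes it, reporting the other paths as absent. The paths are the ones quoted in the thread; the syntax stays within Windows PowerShell 2.0 on Windows 7. Run it from an elevated prompt.

```powershell
# Added example, not from the thread: delete the Spybot-quarantined sample that the
# ESET scan reported, after showing why the three reported paths are one file.
# "C:\Documents and Settings" -> C:\Users and "C:\Users\All Users" -> C:\ProgramData
# are junctions on Vista/7, so every path below resolves under C:\ProgramData.
$paths = @(
    'C:\Documents and Settings\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip',
    'C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip',
    'C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger14.zip'
)

# Walk up the directory chain and return the first component that is a reparse
# point (junction or symlink); $null means the chain is plain directories only.
function Get-JunctionInPath {
    param([string]$Path)
    $dir = Split-Path -Parent $Path
    while ($dir -and (Split-Path -Parent $dir)) {      # stop at the drive root
        $item = Get-Item -LiteralPath $dir -Force -ErrorAction SilentlyContinue
        if ($item -and ($item.Attributes -band [IO.FileAttributes]::ReparsePoint)) { return $dir }
        $dir = Split-Path -Parent $dir
    }
    return $null
}

# Hash before deleting: the quarantine copy is the only sample on the machine.
function Get-Sha256Hex {
    param([string]$Path)
    $fs = [IO.File]::OpenRead($Path)
    try {
        $hash = [Security.Cryptography.SHA256]::Create().ComputeHash($fs)
        return ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally { $fs.Close() }
}

$deleted = 0
foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Host "absent : $p"
        continue
    }
    $jp = Get-JunctionInPath $p
    $how = if ($jp) { "via junction $jp" } else { 'direct path' }
    Write-Host ("present ({0}): {1}`n         SHA256={2}" -f $how, $p, (Get-Sha256Hex $p))
    Remove-Item -LiteralPath $p -Force
    $deleted++
}
Write-Host "Deleted $deleted file(s); paths reported absent after the first delete were aliases of it."
```

Expect exactly one "present" line (the first path, reached through the Documents and Settings junction) and two "absent" lines. A scanner flagging a file inside another product's quarantine folder is also worth recognising for what it is: the detection is on the quarantined archive, not on an active infection, which is why ESET found nothing once the zip was gone.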

sing4us
2012-07-15, 05:38
Hello,

I don't know if it's relevant, but after I deleted FraudFacebookMessenger14.zip from the first location, it was not present in the other directories. Ran ESET and no problems were detected.

Hope I'm in the clear. Thank you very much for your help.

Blade81
2012-07-15, 15:41
Let's see the final steps :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps you did when disabling System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.



Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
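The System Restore reset described in the post above, as a PowerShell script. This is an added example, not part of the original thread or of Spybot's own tooling. It assumes Windows PowerShell 2.0 or later on Windows 7 or newer (the Disable-/Enable-ComputerRestore and Checkpoint-Computer cmdlets ship with Windows PowerShell, not PowerShell 7), that all drives to reset are fixed local disks (WMI DriveType 3), and that it is run from an elevated prompt. The -Phase parameter name is the script's own choice: run it once with -Phase Disable, reboot, then run it again with -Phase Enable.

```powershell
<#
  Added example: scripted version of the "reset System Restore" steps.
  Assumptions (not from the thread): Windows PowerShell 2.0+, Windows 7+,
  fixed local disks only, elevated prompt. Usage:
    .\Reset-SystemRestore.ps1 -Phase Disable   # then reboot
    .\Reset-SystemRestore.ps1 -Phase Enable
#>
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase
)

# The System Protection settings need administrator rights, so fail early if we lack them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

# Fixed local disks only (DriveType 3). Get-WmiObject exists on PowerShell 2.0 through 5.1.
# The *-ComputerRestore cmdlets want the drive in "C:\" form.
$drives = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

switch ($Phase) {
    'Disable' {
        Write-Host 'Restore points before turning protection off:'
        Get-ComputerRestorePoint |
            Format-Table SequenceNumber, CreationTime, Description -AutoSize

        # Equivalent of "Select <drive> -> Configure... -> Turn off protection" for each drive.
        foreach ($d in $drives) {
            Write-Host "Turning off System Protection on $d"
            Disable-ComputerRestore -Drive $d
        }

        # Sanity check: with protection off everywhere, no restore points should remain.
        # Get-ComputerRestorePoint errors when System Restore is disabled, so suppress that.
        $left = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
        if ($left.Count -gt 0) {
            Write-Warning "$($left.Count) restore point(s) still listed; check the System Protection dialog."
        } else {
            Write-Host 'No restore points remain. Reboot, then run again with -Phase Enable.'
        }
    }
    'Enable' {
        # Equivalent of selecting "Restore system settings and previous versions of files".
        foreach ($d in $drives) {
            Write-Host "Turning System Protection back on for $d"
            Enable-ComputerRestore -Drive $d
        }

        # Create a known-clean baseline so there is something safe to roll back to later.
        Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                            -RestorePointType MODIFY_SETTINGS

        Write-Host 'Restore points after re-enabling:'
        Get-ComputerRestorePoint |
            Format-Table SequenceNumber, CreationTime, Description -AutoSize
    }
}
```

The script lists the restore points before and after so you can confirm the old, possibly infected ones are really gone rather than trusting the dialog. The final Checkpoint-Computer is an addition to the post's steps: once the machine is clean it is worth having a baseline restore point that you know postdates the cleanup.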

sing4us
2012-07-17, 19:42
Hello,

Followed all of your instructions, and scans aren't finding anything. Computer also seems to be running fine. Thank you for your help!

Blade81
2012-07-17, 22:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.