jpittman
2012-10-07, 07:29
I thought I had cleared off a virus that had infected me, but there are still remnants. I had used the FixComb back last week on my own (I know now I should have just come here instead).
When I type in a search phrase on IE, I get Spybot popping up a dialog saying that it has detected a Possibly Malicious URL. I select Deny, but I think other family members have just ignored it. Spybot is coming up clean when doing the scan.
Here is dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Battlefield at 21:29:18 on 2012-10-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16346.9917 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Spybot - Search and Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe
C:\Program Files\epson\portcommunicationservice\PCSVC.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\KEEBOX\150N Wireless Utility\ANIWConnService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WlanMon.exe
C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
C:\Program Files (x86)\Adobe\Adobe Edge Inspect\EdgeInspect.exe
C:\Windows\system32\taskhost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Users\Battlefield\AppData\Local\Apps\2.0\P6H2Q32J.EYW\0V96DPDH.G0N\mast..tion_b23709a01a902614_0001.0000_add0a8c8f0748209\Master Client.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN19Q1R25P05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [RCUI] "C:\PROGRA~2\RINGCE~1\RINGCE~1\RCUI.exe"
uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [AdobeBridge]
mRun: [KEEBOX 150N Wireless Utility] C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WlanMon.exe
mRun: [WZCSLDR2] C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Battlefield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignageController.bat
StartupFolder: C:\Users\BATTLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIGNAG~1.LNK - C:\Program Files (x86)\SignagePlayer\SignagePlayer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SELECT~1.LNK - C:\Program Files\EPSON\TMCommandEmulator\PopupWindow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
Trusted Zone: houstondogtags.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.75.75
TCP: Interfaces\{5E6EDCD9-41B9-471A-9F74-AE95EF4B6233} : DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.75.75
TCP: Interfaces\{CE60960A-05CC-4685-B18F-B63497DE832F} : DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.75.75
TCP: Interfaces\{CE60960A-05CC-4685-B18F-B63497DE832F}\34963736F63313136323 : DhcpNameServer = 192.168.1.254 192.168.0.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [KEEBOX 150N Wireless Utility] C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WlanMon.exe
mRun-x64: [WZCSLDR2] C:\Program Files (x86)\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Battlefield\AppData\Roaming\Mozilla\Firefox\Profiles\yvro0wpn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-11-1 586880]
R2 EPSON_Device_Control_Log_Service;EPSON Device Control Log Service;C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe [2012-6-22 395776]
R2 EPSON_Port_Communication_Service;EPSON Port Communication Service;C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe [2012-6-22 584704]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-10-28 517632]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;C:\Program Files (x86)\KEEBOX\150N Wireless Utility\ANIWConnService.exe [2011-10-20 53248]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-6 1262400]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-9-20 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-9-20 1358360]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-9-20 166528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-5-11 177056]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver;\??\C:\Windows\system32\DRIVERS\pcslpt.sys --> C:\Windows\system32\DRIVERS\pcslpt.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-21 116648]
S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;C:\Program Files (x86)\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe [2011-10-20 126976]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250288]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-21 116648]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 113120]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 QuickBooksDB21;QuickBooksDB21;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-06 18:37:32 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-06 15:48:51 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0579F3A7-98F8-4B1B-9AE5-0A1BF8AF7592}\mpengine.dll
2012-10-06 03:53:59 -------- d-----w- C:\adobeTemp
2012-10-06 03:43:12 -------- d-----w- C:\Users\Battlefield\AppData\Local\{2112ABBF-D581-4378-8573-810F2D59DEDA}
2012-10-06 03:26:32 -------- d-----w- C:\ProgramData\RIBS
2012-10-06 03:19:05 -------- d-----w- C:\Users\Battlefield\Adobe Flash Builder 4.6
2012-10-06 02:46:57 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-10-05 19:44:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-05 15:49:01 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2CEE815-68A0-457E-9861-8EF1D8453DD1}\gapaengine.dll
2012-10-05 15:48:49 9308616 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 15:43:00 -------- d-----w- C:\Users\Battlefield\AppData\Local\{9151E738-0F4D-407E-A239-EF2904540889}
2012-10-05 03:37:24 -------- d-----w- C:\Users\Battlefield\AppData\Local\{7FD65371-EDBA-4EB5-BFD4-574A06B63B68}
2012-10-04 15:35:59 -------- d-----w- C:\Users\Battlefield\AppData\Local\{2688A202-EA88-4006-AA43-942998540A68}
2012-10-04 03:35:08 -------- d-----w- C:\Users\Battlefield\AppData\Local\{AEC3EA87-1114-4CF1-8D71-9F70151706EA}
2012-10-03 15:34:56 -------- d-----w- C:\Users\Battlefield\AppData\Local\{654FDAA8-B101-4D98-8043-0317365F0A74}
2012-10-03 15:14:15 -------- d-----w- C:\ProgramData\Automatic Duck
2012-10-03 08:12:54 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-03 08:12:53 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76E55590-35B1-4327-96CE-6B5139ECB176}\gapaengine.dll
2012-10-02 18:52:40 -------- d-----w- C:\Program Files (x86)\SignageStudio
2012-10-02 17:25:54 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A3EF3FF2-1E4E-4531-B0B2-93850DC93720}
2012-10-02 05:24:52 -------- d-----w- C:\Users\Battlefield\AppData\Local\{693A65FA-85F0-4D4C-BD38-1DAA011E1E61}
2012-10-01 17:24:03 -------- d-----w- C:\Users\Battlefield\AppData\Local\{FE8E5342-2501-4607-B21C-7A365A103C31}
2012-10-01 05:23:52 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E8C111C0-4225-4C3F-A022-3AF2050B71B6}
2012-09-30 17:22:50 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F4B1E23A-8EBC-4F9C-A23D-F2AB30A78211}
2012-09-30 05:22:20 -------- d-----w- C:\Users\Battlefield\AppData\Local\{8DBAF2EB-C996-4A71-BD23-10E3DF9D0873}
2012-09-29 17:21:56 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F0491AE3-9E65-4B3C-9068-AAB1F61B6720}
2012-09-29 15:12:29 -------- d-----w- C:\ProgramData\epson
2012-09-29 15:12:25 202240 ----a-w- C:\Windows\System32\EAPApiData.dll
2012-09-29 15:12:25 12288 ----a-w- C:\Windows\System32\EAPDM32.dll
2012-09-29 15:12:25 1133216 ----a-w- C:\Windows\System32\EpsStmApi.dll
2012-09-29 15:12:22 -------- d-----w- C:\Program Files\Common Files\EPSON
2012-09-29 15:12:03 -------- d-----w- C:\Program Files\EPSON
2012-09-29 15:11:56 63096 ----a-w- C:\Windows\System32\drivers\TMUSB64.sys
2012-09-29 15:11:48 475136 ----a-w- C:\Windows\System32\EAPPHPMUI.dll
2012-09-29 15:11:48 235008 ----a-w- C:\Windows\System32\EAPPHPM.dll
2012-09-29 15:11:48 18944 ----a-w- C:\Windows\System32\eaptmco.dll
2012-09-29 15:11:48 148992 ----a-w- C:\Windows\System32\EAPTMLM.dll
2012-09-29 15:11:47 -------- d-----w- C:\Program Files (x86)\EPSON
2012-09-29 14:59:37 -------- d-----w- C:\Program Files (x86)\Network Print Monitor
2012-09-29 14:59:32 306688 ----a-w- C:\Windows\IsUninst.exe
2012-09-29 05:21:05 -------- d-----w- C:\Users\Battlefield\AppData\Local\{622A820F-0309-48B5-93A9-343511261B04}
2012-09-28 17:20:53 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F0206187-23E2-47DE-99FF-F6C641E8BB54}
2012-09-27 14:56:10 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5522BEB5-9714-43E1-A608-A55755CC8B00}
2012-09-27 02:55:08 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CB67CF7C-291D-4BE3-9E49-7ADE44A0BECF}
2012-09-26 14:54:04 -------- d-----w- C:\Users\Battlefield\AppData\Local\{D3CA50E6-E5F6-4EB6-90A3-5422B287F0DF}
2012-09-25 22:52:45 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 14:56:49 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B23C015B-1610-4BA6-A43A-0EA83D5D5987}
2012-09-24 17:13:00 -------- d-----w- C:\Users\Battlefield\AppData\Local\{1948E9E1-7BBD-4B65-AFC6-6EB9FE241468}
2012-09-24 05:12:10 -------- d-----w- C:\Users\Battlefield\AppData\Local\{990A2C68-E4A1-4199-91C9-3810223430C0}
2012-09-23 17:11:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E74FE0A1-7970-4CBC-B216-B2DE7E15A92E}
2012-09-23 04:37:09 -------- d-----w- C:\Users\Battlefield\AppData\Local\{C7FA9A3B-D27B-4E3D-80AC-CC133886F067}
2012-09-22 16:36:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{935AE38B-6B6A-4F11-89B0-2D9276BD3891}
2012-09-22 04:36:46 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B7F82F0D-4DB6-46A9-9A07-6752525905D0}
2012-09-22 00:10:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-22 00:10:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-21 16:36:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5F06B753-31D9-4CCF-9BE3-6711448DFFED}
2012-09-21 09:34:26 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{840E039D-9FA2-440B-A041-8121306F2DDB}\mpengine.dll
2012-09-20 18:35:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 18:27:49 98816 ----a-w- C:\Windows\sed.exe
2012-09-20 18:27:49 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-20 18:27:49 256000 ----a-w- C:\Windows\PEV.exe
2012-09-20 18:27:49 208896 ----a-w- C:\Windows\MBR.exe
2012-09-20 18:21:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-20 15:57:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-20 15:57:24 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-09-20 15:57:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-09-20 13:19:47 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A1AC44F2-6289-48F1-9D5A-23222428675E}
2012-09-19 20:28:02 -------- d-----w- C:\Users\Battlefield\AppData\Local\{56AD7E08-DD68-4426-A5A1-67CBEF0F5FF6}
2012-09-19 16:28:29 -------- d-----w- C:\Users\Battlefield\AppData\Local\{257B76A0-0277-11E2-8271-B8AC6F996F26}
2012-09-19 16:27:33 -------- d-----w- C:\Users\Battlefield\AppData\Roaming\Yzap
2012-09-19 07:06:00 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5988EC11-A917-4CC4-9F96-064E84B85B22}
2012-09-18 19:04:57 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E8F1B7B7-869E-4EDE-8903-9012F4E2ABD7}
2012-09-18 07:04:06 -------- d-----w- C:\Users\Battlefield\AppData\Local\{441A0447-40CA-404E-A01F-B0F36F781F9A}
2012-09-17 19:03:54 -------- d-----w- C:\Users\Battlefield\AppData\Local\{470805B1-B440-40C9-8146-7503ABA5C304}
2012-09-17 07:03:31 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A2B0DE23-7321-4A1F-B502-9A0980C7BF2F}
2012-09-16 19:03:07 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B0F8E6CD-3A28-4577-AE9C-39B74B703563}
2012-09-16 18:56:03 183 ----a-w- C:\Users\Battlefield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignageController.bat
2012-09-15 16:55:02 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B04D1F54-1EB0-4306-A9BD-6C984B99004C}
2012-09-14 21:13:04 -------- d-----w- C:\Program Files (x86)\Clubspeed
2012-09-14 17:48:51 -------- d-----w- C:\Users\Battlefield\AppData\Local\{1BAFFE19-D64D-4F4C-9615-363A57DB5577}
2012-09-14 05:48:27 -------- d-----w- C:\Users\Battlefield\AppData\Local\{35B235A0-C39C-4E71-B21A-F6FCF6591C89}
2012-09-13 17:47:26 -------- d-----w- C:\Users\Battlefield\AppData\Local\{24C414EC-9C13-4A13-A018-6316446A9057}
2012-09-13 02:39:09 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A5F640D5-ABC2-4DC7-A18C-1085A66269E2}
2012-09-12 14:38:57 -------- d-----w- C:\Users\Battlefield\AppData\Local\{2FA0CA9A-C85F-48F8-AC49-1F62697BEE91}
2012-09-12 04:32:18 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 04:32:18 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 04:27:10 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 04:27:10 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 04:27:10 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 04:27:10 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 04:27:09 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 01:15:49 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B9162058-1933-44E7-A157-5DAC0E22984E}
2012-09-11 13:15:25 -------- d-----w- C:\Users\Battlefield\AppData\Local\{8979499D-7D40-4705-AB6C-A0E038E271B9}
2012-09-11 01:14:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CC3EB35A-81F1-4B23-935E-22BBE4040AB1}
2012-09-10 13:13:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F1542D41-2FA3-4334-9D31-26A352984132}
2012-09-09 18:59:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{79207CBD-F332-4BB7-8372-948633FE734A}
2012-09-09 06:58:21 -------- d-----w- C:\Users\Battlefield\AppData\Local\{9AE8AF64-E1C0-4E7B-9078-67D5A1C50A65}
2012-09-08 18:57:17 -------- d-----w- C:\Users\Battlefield\AppData\Local\{493BAAB5-913D-44B5-9394-B4ABAFD7636C}
2012-09-07 15:54:05 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CBB1C625-AF32-4652-AAE5-6C33015F95E4}
.
==================== Find3M ====================
.
2012-10-06 18:37:28 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-06 18:37:12 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-05 19:44:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-05 19:44:22 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-20 21:28:24 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 21:28:24 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 05:40:10 864208 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2012-07-09 05:40:10 501712 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2012-07-09 05:40:10 28616 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2012-07-09 05:40:10 17840 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2012-07-09 04:24:30 856016 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2012-07-09 04:24:30 613840 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2012-07-09 04:24:30 30160 ----a-w- C:\Windows\System32\aspnet_counters.dll
2012-07-09 04:24:30 17824 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2010-09-26 15:04:34 94208 ----a-w- C:\Program Files (x86)\Common Files\regdll.dll
2010-09-26 15:04:34 69632 ----a-w- C:\Program Files (x86)\Common Files\ClacAdv.dll
2010-09-26 15:04:34 28672 ----a-w- C:\Program Files (x86)\Common Files\MYSWHelpComp.dll
2010-09-26 15:04:34 126976 ----a-w- C:\Program Files (x86)\Common Files\ClacStmp.dll
.
============= FINISH: 21:29:37.79 ===============
2012-10-05 03:37:24 -------- d-----w- C:\Users\Battlefield\AppData\Local\{7FD65371-EDBA-4EB5-BFD4-574A06B63B68}
2012-10-04 15:35:59 -------- d-----w- C:\Users\Battlefield\AppData\Local\{2688A202-EA88-4006-AA43-942998540A68}
2012-10-04 03:35:08 -------- d-----w- C:\Users\Battlefield\AppData\Local\{AEC3EA87-1114-4CF1-8D71-9F70151706EA}
2012-10-03 15:34:56 -------- d-----w- C:\Users\Battlefield\AppData\Local\{654FDAA8-B101-4D98-8043-0317365F0A74}
2012-10-03 15:14:15 -------- d-----w- C:\ProgramData\Automatic Duck
2012-10-03 08:12:54 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-03 08:12:53 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76E55590-35B1-4327-96CE-6B5139ECB176}\gapaengine.dll
2012-10-02 18:52:40 -------- d-----w- C:\Program Files (x86)\SignageStudio
2012-10-02 17:25:54 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A3EF3FF2-1E4E-4531-B0B2-93850DC93720}
2012-10-02 05:24:52 -------- d-----w- C:\Users\Battlefield\AppData\Local\{693A65FA-85F0-4D4C-BD38-1DAA011E1E61}
2012-10-01 17:24:03 -------- d-----w- C:\Users\Battlefield\AppData\Local\{FE8E5342-2501-4607-B21C-7A365A103C31}
2012-10-01 05:23:52 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E8C111C0-4225-4C3F-A022-3AF2050B71B6}
2012-09-30 17:22:50 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F4B1E23A-8EBC-4F9C-A23D-F2AB30A78211}
2012-09-30 05:22:20 -------- d-----w- C:\Users\Battlefield\AppData\Local\{8DBAF2EB-C996-4A71-BD23-10E3DF9D0873}
2012-09-29 17:21:56 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F0491AE3-9E65-4B3C-9068-AAB1F61B6720}
2012-09-29 15:12:29 -------- d-----w- C:\ProgramData\epson
2012-09-29 15:12:25 202240 ----a-w- C:\Windows\System32\EAPApiData.dll
2012-09-29 15:12:25 12288 ----a-w- C:\Windows\System32\EAPDM32.dll
2012-09-29 15:12:25 1133216 ----a-w- C:\Windows\System32\EpsStmApi.dll
2012-09-29 15:12:22 -------- d-----w- C:\Program Files\Common Files\EPSON
2012-09-29 15:12:03 -------- d-----w- C:\Program Files\EPSON
2012-09-29 15:11:56 63096 ----a-w- C:\Windows\System32\drivers\TMUSB64.sys
2012-09-29 15:11:48 475136 ----a-w- C:\Windows\System32\EAPPHPMUI.dll
2012-09-29 15:11:48 235008 ----a-w- C:\Windows\System32\EAPPHPM.dll
2012-09-29 15:11:48 18944 ----a-w- C:\Windows\System32\eaptmco.dll
2012-09-29 15:11:48 148992 ----a-w- C:\Windows\System32\EAPTMLM.dll
2012-09-29 15:11:47 -------- d-----w- C:\Program Files (x86)\EPSON
2012-09-29 14:59:37 -------- d-----w- C:\Program Files (x86)\Network Print Monitor
2012-09-29 14:59:32 306688 ----a-w- C:\Windows\IsUninst.exe
2012-09-29 05:21:05 -------- d-----w- C:\Users\Battlefield\AppData\Local\{622A820F-0309-48B5-93A9-343511261B04}
2012-09-28 17:20:53 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F0206187-23E2-47DE-99FF-F6C641E8BB54}
2012-09-27 14:56:10 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5522BEB5-9714-43E1-A608-A55755CC8B00}
2012-09-27 02:55:08 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CB67CF7C-291D-4BE3-9E49-7ADE44A0BECF}
2012-09-26 14:54:04 -------- d-----w- C:\Users\Battlefield\AppData\Local\{D3CA50E6-E5F6-4EB6-90A3-5422B287F0DF}
2012-09-25 22:52:45 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 14:56:49 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B23C015B-1610-4BA6-A43A-0EA83D5D5987}
2012-09-24 17:13:00 -------- d-----w- C:\Users\Battlefield\AppData\Local\{1948E9E1-7BBD-4B65-AFC6-6EB9FE241468}
2012-09-24 05:12:10 -------- d-----w- C:\Users\Battlefield\AppData\Local\{990A2C68-E4A1-4199-91C9-3810223430C0}
2012-09-23 17:11:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E74FE0A1-7970-4CBC-B216-B2DE7E15A92E}
2012-09-23 04:37:09 -------- d-----w- C:\Users\Battlefield\AppData\Local\{C7FA9A3B-D27B-4E3D-80AC-CC133886F067}
2012-09-22 16:36:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{935AE38B-6B6A-4F11-89B0-2D9276BD3891}
2012-09-22 04:36:46 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B7F82F0D-4DB6-46A9-9A07-6752525905D0}
2012-09-22 00:10:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-22 00:10:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-21 16:36:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5F06B753-31D9-4CCF-9BE3-6711448DFFED}
2012-09-21 09:34:26 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{840E039D-9FA2-440B-A041-8121306F2DDB}\mpengine.dll
2012-09-20 18:35:09 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 18:27:49 98816 ----a-w- C:\Windows\sed.exe
2012-09-20 18:27:49 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-20 18:27:49 256000 ----a-w- C:\Windows\PEV.exe
2012-09-20 18:27:49 208896 ----a-w- C:\Windows\MBR.exe
2012-09-20 18:21:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-20 15:57:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-20 15:57:24 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-09-20 15:57:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-09-20 13:19:47 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A1AC44F2-6289-48F1-9D5A-23222428675E}
2012-09-19 20:28:02 -------- d-----w- C:\Users\Battlefield\AppData\Local\{56AD7E08-DD68-4426-A5A1-67CBEF0F5FF6}
2012-09-19 16:28:29 -------- d-----w- C:\Users\Battlefield\AppData\Local\{257B76A0-0277-11E2-8271-B8AC6F996F26}
2012-09-19 16:27:33 -------- d-----w- C:\Users\Battlefield\AppData\Roaming\Yzap
2012-09-19 07:06:00 -------- d-----w- C:\Users\Battlefield\AppData\Local\{5988EC11-A917-4CC4-9F96-064E84B85B22}
2012-09-18 19:04:57 -------- d-----w- C:\Users\Battlefield\AppData\Local\{E8F1B7B7-869E-4EDE-8903-9012F4E2ABD7}
2012-09-18 07:04:06 -------- d-----w- C:\Users\Battlefield\AppData\Local\{441A0447-40CA-404E-A01F-B0F36F781F9A}
2012-09-17 19:03:54 -------- d-----w- C:\Users\Battlefield\AppData\Local\{470805B1-B440-40C9-8146-7503ABA5C304}
2012-09-17 07:03:31 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A2B0DE23-7321-4A1F-B502-9A0980C7BF2F}
2012-09-16 19:03:07 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B0F8E6CD-3A28-4577-AE9C-39B74B703563}
2012-09-16 18:56:03 183 ----a-w- C:\Users\Battlefield\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SignageController.bat
2012-09-15 16:55:02 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B04D1F54-1EB0-4306-A9BD-6C984B99004C}
2012-09-14 21:13:04 -------- d-----w- C:\Program Files (x86)\Clubspeed
2012-09-14 17:48:51 -------- d-----w- C:\Users\Battlefield\AppData\Local\{1BAFFE19-D64D-4F4C-9615-363A57DB5577}
2012-09-14 05:48:27 -------- d-----w- C:\Users\Battlefield\AppData\Local\{35B235A0-C39C-4E71-B21A-F6FCF6591C89}
2012-09-13 17:47:26 -------- d-----w- C:\Users\Battlefield\AppData\Local\{24C414EC-9C13-4A13-A018-6316446A9057}
2012-09-13 02:39:09 -------- d-----w- C:\Users\Battlefield\AppData\Local\{A5F640D5-ABC2-4DC7-A18C-1085A66269E2}
2012-09-12 14:38:57 -------- d-----w- C:\Users\Battlefield\AppData\Local\{2FA0CA9A-C85F-48F8-AC49-1F62697BEE91}
2012-09-12 04:32:18 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 04:32:18 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 04:27:10 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 04:27:10 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 04:27:10 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 04:27:10 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 04:27:09 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 01:15:49 -------- d-----w- C:\Users\Battlefield\AppData\Local\{B9162058-1933-44E7-A157-5DAC0E22984E}
2012-09-11 13:15:25 -------- d-----w- C:\Users\Battlefield\AppData\Local\{8979499D-7D40-4705-AB6C-A0E038E271B9}
2012-09-11 01:14:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CC3EB35A-81F1-4B23-935E-22BBE4040AB1}
2012-09-10 13:13:58 -------- d-----w- C:\Users\Battlefield\AppData\Local\{F1542D41-2FA3-4334-9D31-26A352984132}
2012-09-09 18:59:22 -------- d-----w- C:\Users\Battlefield\AppData\Local\{79207CBD-F332-4BB7-8372-948633FE734A}
2012-09-09 06:58:21 -------- d-----w- C:\Users\Battlefield\AppData\Local\{9AE8AF64-E1C0-4E7B-9078-67D5A1C50A65}
2012-09-08 18:57:17 -------- d-----w- C:\Users\Battlefield\AppData\Local\{493BAAB5-913D-44B5-9394-B4ABAFD7636C}
2012-09-07 15:54:05 -------- d-----w- C:\Users\Battlefield\AppData\Local\{CBB1C625-AF32-4652-AAE5-6C33015F95E4}
.
==================== Find3M ====================
.
2012-10-06 18:37:28 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-06 18:37:12 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-05 19:44:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-05 19:44:22 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-20 21:28:24 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 21:28:24 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 05:40:10 864208 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2012-07-09 05:40:10 501712 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2012-07-09 05:40:10 28616 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2012-07-09 05:40:10 17840 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2012-07-09 04:24:30 856016 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2012-07-09 04:24:30 613840 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2012-07-09 04:24:30 30160 ----a-w- C:\Windows\System32\aspnet_counters.dll
2012-07-09 04:24:30 17824 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2010-09-26 15:04:34 94208 ----a-w- C:\Program Files (x86)\Common Files\regdll.dll
2010-09-26 15:04:34 69632 ----a-w- C:\Program Files (x86)\Common Files\ClacAdv.dll
2010-09-26 15:04:34 28672 ----a-w- C:\Program Files (x86)\Common Files\MYSWHelpComp.dll
2010-09-26 15:04:34 126976 ----a-w- C:\Program Files (x86)\Common Files\ClacStmp.dll
.
============= FINISH: 21:29:37.79 ===============