
Thread: safesurf

  1. #1
    Junior Member (Join Date: Sep 2010, Posts: 7)

    safesurf

    AVG detecting safesurf threat, among other issues, all seem to go back to some sort of virus or malware issue.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by ileandover at 13:35:14.97 on Wed 09/15/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8180.5855 [GMT -4:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\Installer\MSI15BF.tmp
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\OSD\OSD_Service.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\SysWOW64\system\svchost.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files (x86)\OSD\OSD.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\ileandover\AppData\Roaming\install\server.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\drivers\surfguard.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\jusched.exe
    C:\Windows\SysWOW64\drivers\safesurf.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\ileandover\Desktop\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uDefault_Page_URL = hxxp://www.alienware.com/
    mLocal Page = c:\windows\syswow64\blank.htm
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\alienware\command center\aliensense\FAIESSO.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
    uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
    uRun: [HKCU] c:\users\ileandover\appdata\roaming\install\server.exe
    mRun: [FATrayAlert] c:\program files\alienware\command center\aliensense\FATrayMon.exe
    mRun: [OSD_LAUNCH] c:\program files (x86)\osd\Launch_OSD.exe
    mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe"
    mRun: [BDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
    mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [FAStartup]
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [jsafesurf] c:\windows\syswow64\drivers\safesurf.exe
    dRun: [DelayShred] c:\progra~2\mcafee\mshr\shrcl.exe /p7 /q c:\users\ileand~1\appdata\local\temp\divdee9.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\moz6l4as\clb994~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\p7ldhrrh\vitali~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\moz6l4as\clec03~1.sh! c:\users\ileand~1\appdata\local\temp\low\hsperf~1.sh! c:\users\ileand~1\appdata\local\temp\hsperf~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\moz6l4as\cla788~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\io9ul2vc\vitali~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\1nheo8wv\cl30f6~1.sh! c:\users\ileand~1\appdata\local\temp\divafbe.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\moz6l4as\cl3ce2~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\p7ldhrrh\claacf~1.sh! c:\users\ileand~1\appdata\local\temp\div98c5.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\ui9ztr9q\slap_p~1.sh! c:\users\ileand~1\appdata\local\temp\divf0d3.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\q3b1kcg6\slap_p~2.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\vhi4f51d\cl5b84~1.sh! c:\users\ileand~1\appdata\local\micros~1\windows\tempor~1\content.ie5\1o2lk7s1\cl90d8~1.sh! c:\users\ileand~1\appdata\local\temp\tempor~1\content.sh! c:\users\ileand~1\appdata\local\temp\tempor~1.sh! c:\users\ileand~1\appdata\local\temp\history\history.sh! c:\users\ileand~1\appdata\local\temp\history.sh! c:\users\ileand~1\appdata\local\temp\div2df2.sh! c:\users\ileand~1\appdata\local\temp\Cookies.SH!
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
    Notify: FastAccess - c:\program files\alienware\command center\aliensense\FALogNot.dll
    STS: CAveStartButtonChangerObject Class: {f791a188-699d-4fd4-955a-eb59e89b1907} - c:\program files (x86)\the skins factory\hyperdesk\common\AveStartButtonChangerInProc.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [AlienFX Controller] "c:\program files\alienware\command center\AlienwareAlienFXController.exe"
    mRun-x64: [(Default)]
    mRun-x64: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
    mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    AppInit_DLLs-X64: avgrssta.dll
    STS-X64: CAveStartButtonChangerObject Class: {F791A188-699D-4FD4-955A-EB59E89B1907} - c:\program files (x86)\the skins factory\hyperdesk\common\AveStartButtonChangerInProc.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-5-24 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-5-24 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-5-24 317520]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-2 308296]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/23 08:56:38];c:\program files (x86)\cyberlink\powerdvd8\000.fcl [2009-4-16 146928]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [2010-2-28 89600]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AlienFusionService;Alienware Fusion Service;c:\program files\alienware\command center\AlienFusionService.exe [2009-11-10 13624]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 202752]
    R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 FAService;FAService;c:\program files\alienware\command center\aliensense\FAService.exe [2009-6-24 2368776]
    R2 HappyOSD;HappyOSD;c:\program files (x86)\osd\OSD_Service.exe [2010-4-23 12800]
    R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\installer\MSI15BF.tmp [2010-5-22 102400]
    R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys [2010-2-28 60416]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe64.sys [2010-2-28 80896]
    R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [2010-2-28 55808]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-6-25 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
    R2 Win_Updater;Win32 Updater;c:\windows\syswow64\system\svchost.exe [2010-8-21 1405440]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-2-28 25136]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-6 6659072]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-6 195584]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-23 35104]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2010-2-28 273072]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 69736]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-2-28 6952960]
    R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver64.sys [2010-6-20 44088]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-24 430152]
    S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
    S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys [2010-2-28 43416]
    S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys [2010-2-28 51096]
    S3 ioatdma;Intel(R) QuickData Technology device;c:\windows\system32\drivers\qd260x64.sys [2010-2-28 41096]
    S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys [2010-2-28 40144]
    S3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\system32\drivers\qd262x64.sys [2010-2-28 41680]
    S3 iSSetup;iSSetup;c:\windows\system32\drivers\iSSetup.sys [2010-2-28 171744]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-2 102472]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-5-2 40904]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-5-2 49480]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-29 1255736]

    =============== Created Last 30 ================

    2010-09-15 16:54:29 0 d-----w- c:\windows\pss
    2010-09-15 16:43:06 65536 --sha-w- c:\users\ileandover\ntuser.dat{0dc460c3-c0e7-11df-80d4-d722c90006fd}.TM.blf
    2010-09-15 16:43:06 524288 --sha-w- c:\users\ileandover\ntuser.dat{0dc460c3-c0e7-11df-80d4-d722c90006fd}.TMContainer00000000000000000002.regtrans-ms
    2010-09-15 16:43:06 524288 --sha-w- c:\users\ileandover\ntuser.dat{0dc460c3-c0e7-11df-80d4-d722c90006fd}.TMContainer00000000000000000001.regtrans-ms
    2010-09-15 08:17:12 1 ----a-w- c:\users\ileandover\oashdihasidhasuidhiasdhiashdiuasdhasd
    2010-09-14 20:12:47 0 d-----w- c:\program files (x86)\Sophos
    2010-09-14 20:03:22 0 --sha-w- C:\ProgramData.LOG2
    2010-09-14 20:03:22 0 --sha-w- C:\ProgramData.LOG1
    2010-09-14 17:50:13 0 d-----w- c:\program files (x86)\MSSOAP
    2010-09-14 17:50:13 0 d-----w- c:\program files (x86)\common files\MSSoap
    2010-09-14 17:50:02 1563008 ----a-w- c:\windows\WRSetup.dll
    2010-09-14 17:50:02 0 d-----w- c:\program files (x86)\Webroot
    2010-09-14 17:45:53 0 d-----w- c:\users\ileand~1\appdata\roaming\Malwarebytes
    2010-09-14 17:45:03 0 d-----w- c:\programdata\Malwarebytes
    2010-09-14 17:45:01 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-14 17:25:14 24 ----a-w- c:\users\ileand~1\appdata\roaming\dfyspu.dat
    2010-09-14 07:01:58 0 d-----w- c:\users\ileand~1\appdata\roaming\install
    2010-09-14 02:12:30 0 d-----w- c:\windows\syswow64\install
    2010-09-14 02:11:49 0 d-----w- c:\programdata\PlayPond
    2010-09-13 22:35:51 0 d-----w- c:\programdata\PlayFirst
    2010-09-13 22:35:09 4286 ----a-w- c:\windows\syswow64\ico.ico
    2010-09-13 22:35:09 0 d-----w- c:\windows\syswow64\system
    2010-09-13 22:35:06 0 d-----w- c:\windows\syswow64\webem
    2010-09-11 19:46:32 80260467 ----a-w- c:\users\ileand~1\appdata\roaming\Mystery Legends Sleepy Hollow.exe
    2010-09-11 01:16:00 0 d-----w- c:\users\ileand~1\appdata\roaming\RipIt4Me
    2010-09-11 01:15:14 99384 ----a-w- c:\users\ileand~1\appdata\roaming\inst.exe
    2010-09-11 01:15:14 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-09-11 01:15:14 82816 ----a-w- c:\users\ileand~1\appdata\roaming\pcouffin.sys
    2010-09-10 15:37:17 0 d-sh--w- c:\programdata\SecuROM
    2010-09-10 15:22:32 0 d-----w- c:\users\ileand~1\appdata\roaming\Bioshock2
    2010-09-10 12:51:30 0 d-----w- c:\windows\syswow64\xlive
    2010-09-10 12:51:30 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2010-09-10 12:43:05 0 d-----w- c:\program files (x86)\2K Games
    2010-09-10 12:42:41 14 ----a-w- c:\windows\syswow64\SysEngine2.SYS
    2010-09-10 12:42:41 1129 ----a-w- c:\windows\DVDXRestrictionFree.ini
    2010-09-10 11:07:44 602112 ----a-w- c:\users\ileand~1\appdata\roaming\radu.exe
    2010-09-10 02:09:44 0 d-----w- c:\programdata\SlySoft
    2010-09-10 02:09:33 0 d-----w- c:\program files (x86)\Elaborate Bytes
    2010-09-10 02:08:36 0 d-----w- c:\program files (x86)\SlySoft
    2010-09-10 00:29:54 0 d-----w- C:\VOCABULARY
    2010-09-09 23:43:47 0 d-----w- c:\programdata\DVD Shrink
    2010-08-30 23:28:13 0 d-----w- c:\program files (x86)\RCA
    2010-08-30 19:37:06 0 d-----w- c:\program files (x86)\Bagatrix
    2010-08-26 19:33:50 0 d-----w- c:\program files (x86)\Steam
    2010-08-26 19:31:40 0 d-----w- c:\program files (x86)\Team17
    2010-08-26 01:40:12 0 d-----w- c:\programdata\InstallShield
    2010-08-26 01:39:39 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-08-26 01:39:39 312480 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-08-24 22:09:16 0 d-----w- c:\users\ileand~1\appdata\roaming\The Path
    2010-08-24 20:28:26 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-24 20:28:26 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
    2010-08-21 14:39:50 0 d-----w- c:\program files (x86)\Aliens Vs Predator
    2010-08-21 14:02:56 0 d-----w- c:\program files\ASC Games
    2010-08-21 14:01:52 315904 ----a-w- c:\windows\IsUninst.exe
    2010-08-20 12:19:44 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-08-20 12:19:44 452440 ----a-w- c:\windows\syswow64\d3dx10_40.dll
    2010-08-20 12:19:44 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-08-20 12:19:44 2036576 ----a-w- c:\windows\syswow64\D3DCompiler_40.dll
    2010-08-20 12:19:43 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-08-20 12:19:43 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
    2010-08-20 12:18:48 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
    2010-08-20 01:30:50 0 d-----w- c:\program files (x86)\NVIDIA Corporation
    2010-08-20 01:30:44 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
    2010-08-19 19:30:32 0 d-----w- c:\programdata\Exorcist DS 7
    2010-08-19 02:37:11 580096 ----a-w- c:\windows\system32\ac3filter64.acm
    2010-08-19 02:37:11 497664 ----a-w- c:\windows\syswow64\ac3filter.acm
    2010-08-19 02:37:10 0 d-----w- c:\program files (x86)\AC3Filter
    2010-08-18 17:25:16 0 d-----w- c:\program files (x86)\GPL MPEG Decoder
    2010-08-16 23:06:33 0 d-----w- c:\users\ileand~1\appdata\roaming\Mobipocket

    ==================== Find3M ====================

    2010-08-15 14:56:15 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-21 15:46:43 368640 ----a-w- c:\windows\syswow64\ReWire.dll
    2010-07-21 15:46:43 233472 ----a-w- c:\windows\syswow64\REX Shared Library.dll
    2010-07-18 14:39:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-07-16 13:30:45 13048 ----a-w- c:\windows\system32\avgrssta.dll
    2010-07-16 04:38:54 392704 ----a-w- c:\windows\syswow64\ICH.exe
    2010-06-30 13:42:43 9232 ----a-w- c:\users\ileandover\mqdmmdfl.sys
    2010-06-30 13:42:43 92064 ----a-w- c:\users\ileandover\mqdmmdm.sys
    2010-06-30 13:42:43 79328 ----a-w- c:\users\ileandover\mqdmserd.sys
    2010-06-30 13:42:43 66656 ----a-w- c:\users\ileandover\mqdmbus.sys
    2010-06-30 13:42:43 6208 ----a-w- c:\users\ileandover\mqdmcmnt.sys
    2010-06-30 13:42:43 5936 ----a-w- c:\users\ileandover\mqdmwhnt.sys
    2010-06-30 13:42:43 4048 ----a-w- c:\users\ileandover\mqdmcr.sys
    2010-06-30 13:42:43 25600 ----a-w- c:\users\ileandover\usbsermptxp.sys
    2010-06-30 13:42:43 22768 ----a-w- c:\users\ileandover\usbsermpt.sys
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-25 23:10:57 256 ----a-w- C:\pool.bin
    2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 13:36:06.85 ===============
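
The triage an expert does on a log like the one above comes down to asking, for every process, autorun and service entry, whether its image lives where legitimate software normally lives. As an added example (not part of either post, and not DDS, AVG or Malwarebytes logic), the Python script below parses the DDS line formats shown in the log and flags three location patterns that appear in it, plus orphaned "No File" add-on entries; the `Finding` type and the heuristics in `judge` are this example's own, and the sample input is a handful of lines excerpted from the log.

```python
"""Triage helper for DDS-style logs.

Walks the "Running Processes", "Pseudo HJT Report" (uRun/mRun/dRun, BHO/TB)
and "SERVICES / DRIVERS" line formats and flags entries whose image path sits
somewhere legitimate software rarely runs from. The heuristics below are this
example's own (hypothetical), not DDS, AVG or Malwarebytes logic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the DDS log posted in the thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\ileandover\AppData\Roaming\install\server.exe
C:\Windows\SysWOW64\drivers\surfguard.exe
C:\Windows\SysWOW64\system\svchost.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [HKCU] c:\users\ileandover\appdata\roaming\install\server.exe
mRun: [jsafesurf] c:\windows\syswow64\drivers\safesurf.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
R2 Win_Updater;Win32 Updater;c:\windows\syswow64\system\svchost.exe [2010-8-21 1405440]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
"""


@dataclass
class Finding:
    source: str  # 'process', 'run', 'service' or 'addon'
    label: str   # autorun name, service name or CLSID/description
    path: str
    reason: str


# Line shapes as DDS prints them.
RUN_RE = re.compile(r"^[umd]Run(?:-x64)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*(?:\[[^\]]*\])?$", re.I)
ADDON_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?:\s*(?P<label>.*?)\s*-\s*No File$", re.I)
PROC_RE = re.compile(r"^[a-z]:\\", re.I)

SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")


def image_path(cmd: str) -> str:
    """Strip quotes and trailing arguments, keeping only the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|com|dll|scr|pif|sys))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def judge(path: str) -> str | None:
    """Return why the image path looks out of place, or None if it looks normal."""
    p = path.lower()
    parent, _, name = p.rpartition("\\")
    if name.endswith(".exe") and re.search(r"\\users\\[^\\]+\\appdata\\", p):
        return "executable under a user profile's AppData (not an install location)"
    if name.endswith(".exe") and parent.endswith("\\drivers"):
        return "executable inside a drivers folder (which should only hold .sys files)"
    if name == "svchost.exe" and not parent.endswith(SYSTEM_DIRS):
        return "svchost.exe outside System32/SysWOW64 (name collision with the real host)"
    return None


def triage(log: str) -> list[Finding]:
    """Parse every recognised line and collect the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ADDON_RE.match(line):
            findings.append(Finding("addon", m["label"], "",
                                    "orphaned add-on: registry entry points at a missing file"))
            continue
        if m := RUN_RE.match(line):
            source, label, path = "run", m["name"], image_path(m["cmd"])
        elif m := SVC_RE.match(line):
            source, label, path = "service", m["name"], image_path(m["path"])
        elif PROC_RE.match(line):
            source, label, path = "process", "", image_path(line)
        else:
            continue
        if reason := judge(path):
            findings.append(Finding(source, label, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source:7}] {f.label or f.path}: {f.reason}")
```

Run against the full log, the same rules also pick up the `radu.exe` and `inst.exe` files under AppData\Roaming in the "Created Last 30" section if those lines are fed in as bare paths.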

  2. #2
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent
    LimeWire
    Soulseek


    I'd like you to read this thread.

    Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


    After that:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • Please post contents of that file in your next reply.



    ---


    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Copy-paste the following contents into the custom scan area:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\0*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\System32\Wbem\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.
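The OTL custom-scan list above is essentially a set of file-system locations where droppers and rogue components tend to hide (Fonts, REPAIR, spool\prtprocs, stray "bak" folders, profile roots, and so on). The following PowerShell script is an added example, not OTL's code and not the helper's; it walks the same kind of list and reports every file found with its size, last-write time and SHA256 so the output can be compared against known-good hashes. It assumes PowerShell 3.0 or later and an elevated prompt, treats OTL's `/s` switch as "recurse" while ignoring `/x`, `/mp` and `/rs` (those are OTL-specific), and skips the `CREATERESTOREPOINT` command and the registry lines, which OTL handles itself. The sample pattern list is a constructed subset of the post's list.

```powershell
# Added triage example (not OTL, not the helper's own code): enumerate the
# file-system locations from an OTL-style custom-scan list and hash what is there.
# Assumptions: "/s" means recurse; "/x", "/mp", "/rs" are ignored; registry
# lines and CREATERESTOREPOINT are skipped; PowerShell 3.0+ (for -File) on Windows.

# Constructed subset of the custom-scan list from the post above; extend as needed.
$patterns = @'
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.exe
%systemroot%\Fonts\*.dll
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Update\*.*
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%USERPROFILE%\*.exe
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
'@ -split "`r?`n" | Where-Object { $_.Trim() -ne '' }

function Get-TriageEntries {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        $line = $line.Trim()
        # Only the file system is walked here; OTL commands and registry queries are skipped.
        if ($line -eq 'CREATERESTOREPOINT' -or $line -like 'HKEY_*') { continue }

        # Separate the path pattern from trailing OTL switches ("/s", "/x", "/mp", "/rs").
        $parts    = $line -split '\s+/'
        $pattern  = $parts[0].Trim()
        $switches = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] } else { @() }
        $recurse  = [bool]($switches -contains 's')

        # OTL uses %VAR% notation; expand it the same way cmd.exe would (case-insensitive).
        $expanded = [Environment]::ExpandEnvironmentVariables($pattern)

        # A pattern like "...\bak." with no wildcard names a directory; list its contents.
        if ($expanded.EndsWith('.') -and $expanded -notmatch '[\*\?]') {
            $dir = $expanded.TrimEnd('.')
            if (-not (Test-Path -LiteralPath $dir)) { continue }
            $items = Get-ChildItem -LiteralPath $dir -File -Force -Recurse:$recurse -ErrorAction SilentlyContinue
        } else {
            $items = Get-ChildItem -Path $expanded -File -Force -Recurse:$recurse -ErrorAction SilentlyContinue
        }

        foreach ($item in $items) {
            # Hash for comparison against vendor/known-good values; locked files yield 'n/a'.
            $hash = 'n/a'
            try { $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash } catch { }
            [pscustomobject]@{
                Pattern  = $pattern
                Path     = $item.FullName
                Size     = $item.Length
                Modified = $item.LastWriteTime
                SHA256   = $hash
            }
        }
    }
}

# Most recently modified files first: new arrivals in these locations are the ones to review.
Get-TriageEntries -Lines $patterns |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize
```

Pipe the output to `Export-Csv` instead of `Format-Table` when the listing is to be attached to a thread or compared across two runs; sorting by `Modified` puts files that appeared around the time the AVG alerts started at the top, which is usually where the answer is.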

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.