Thread: Please help, Rogue Security Program - win 7 home security 2011

  1. #1
    Member
    Join Date
    Jan 2010
    Posts
    49

    Default Please help, Rogue Security Program - win 7 home security 2011

    A couple of weeks ago my computer got infected with a program called Win 7 Home Security 2011. It disabled Firefox and Chrome, and I am unable to run any scans to diagnose what is actually happening.

    Please help at your earliest convenience.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    This infection will not allow you to download any removal tools from the infected computer or run any programs to remove it. In lieu of me typing all the instructions, see if you can follow this one from BC; let me know if you can't and I will break it down and help you. Once you get Malwarebytes to remove this pest, post the log please, as there may be more to remove.

    http://www.bleepingcomputer.com/viru...-security-2011
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Jan 2010
    Posts
    49

    Default

    Apologies for the late post, Here is the Malwarebytes log.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6401

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/19/2011 11:23:21 PM
    mbam-log-2011-04-19 (23-23-21).txt

    Scan type: Full scan (C:\|D:\|Q:\|)
    Objects scanned: 330306
    Time elapsed: 31 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 28

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\ryan nakai\AppData\Local\pjm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\Local\rog.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\Local\sqb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\Local\Temp\0.2739298318671154.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\4f9f18cd-24604301 (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\5ca3dccd-7fc42843 (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14\1f668cce-6f210c23 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21\20b47915-238b5add (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\23\288d3797-116c2b5e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26\3cfc999a-30c53fe2 (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31\6bf3c11f-4ee2f35b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34\7333eb62-6364a495 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\4e2bf823-65d80c51 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\9eb3ee3-68536023 (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37\3f5ab6e5-23c61636 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37\5517da65-63e78d43 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\4950f2e6-3376e0a5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43\71c712b-7d7bcd29 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46\3b816a6e-5740f644 (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52\5c1732b4-57604862 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53\2f534435-71025c3f (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6\2de5d206-6c0c96f8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6\4133ba46-493627a4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6\59530d06-6cfb53c9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\60\69d6447c-6661a4b7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\60\cd1d23c-5a78f4e2 (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\AppData\Roaming\camstudioportablebackup.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
    c:\Users\ryan nakai\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great

    Were the instructions easy for you to follow? Bleeping Computer is a great site and is on top of keeping us all informed about the newer threats.

    With this garbage there may be more to remove.



    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

  5. #5
    Member
    Join Date
    Jan 2010
    Posts
    49

    Default

    DDS log

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Ryan Nakai at 7:15:29.79 on Wed 04/20/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6977 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ryan Nakai\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Ryan Nakai\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
    uRun: [Google Update] "C:\Users\Ryan Nakai\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\Users\RYANNA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\RYANNA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ofoqk13c.default\
    FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: C:\Users\Ryan Nakai\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-3 203264]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-4-19 101048]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [2010-9-10 126904]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-10 635416]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-3-3 7767552]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-3-3 279040]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-3 116752]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-9-10 852256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-10 346144]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-10 38456]
    S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/10 17:59:38;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-10 245232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2011-1-9 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-04-20 04:46:51 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-04-01 16:15:57 -------- d-sh--w- C:\found.000
    2011-04-01 15:43:47 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7BB8E032-3A87-4FAD-957E-82C1105A8438}\mpengine.dll
    2011-03-26 04:49:25 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-26 04:49:25 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-26 04:49:25 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-26 04:49:25 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-26 04:49:25 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-26 04:49:25 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-26 04:49:25 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-26 04:49:25 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    .
    ==================== Find3M ====================
    .
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
    2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
    2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
    2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
    2011-02-03 00:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    .
    ============= FINISH: 7:15:51.75 ===============

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    It looks like Symantec is your main antivirus program, but I am seeing some entries for McAfee. Have you tried to uninstall McAfee at one time? If you did, it may have been a borked uninstall; you may want to run this removal tool. More than one AV can really suck up system resources and cause all kinds of issues.

    http://majorgeeks.com/McAfee_Consume...ool_d5420.html
    http://service.mcafee.com/FAQDocument.aspx?id=TS100507



    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  7. #7
    Member
    Join Date
    Jan 2010
    Posts
    49

    Default

    eset scan log
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\27e8c01-766c1216 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2d85064e-3517c84f a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\55a2d3ce-307cc400 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4b89915-5d1a7a2d a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\530c4f16-7fe93814 multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2b854b99-64091453 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1131b71b-56f1ccd2 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\d6429c3-1d2fffed a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\eee2921-7d56b2d9 multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\3e85f8e5-7dd5a9de a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\465f12ac-36a398e4 multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\629cc8ec-680fba94 multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6dd632b0-10030286 multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\729a4e73-1df92cb7 a variant of Java/TrojanDownloader.OpenStream.NBG trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\121b07f9-4743c91a multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\18396c39-6a1ecafb a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-228159a5 Java/TrojanDownloader.OpenStream.AF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-7b2b4861 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4a5bb93f-4c0b4afa multiple threats
    C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\77bb66c7-48060ee2 multiple threats
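
    The two logs in #3 and #7 make the same point once you group the hits by where they sit on disk: almost everything is under the Java deployment cache, with a handful of dropped payloads in AppData\Local, Temp and Downloads. The following is an added example, not code from this thread or from either scanner's vendor: a small Python parser for the Malwarebytes "Files Infected" line format and the ESET Online Scanner line format shown above, which buckets each detection by location and counts the detection names. The sample lines are copied from the posted logs; the path-bucket names and the recognised ESET verdict shapes ("a variant of X trojan", "X trojan", "multiple threats") are this example's own assumptions.

```python
"""Summarise scanner detections by on-disk location and family.

Added example, not part of the original thread. Parses two line formats:

  Malwarebytes:  <path> (<family>) -> <action>
  ESET:          <path> <verdict>

ESET paths can contain spaces (see "Ryan Nakai"), so the verdict is
recognised by its shape rather than by splitting on whitespace.
"""
import re
from collections import Counter

MBAM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$"
)
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<desc>(?:probably )?(?:a variant of )?\S+ (?:trojan|application|virus|worm)"
    r"|multiple threats)$"
)

# Constructed sample: a subset of the lines posted in #3 and #7, plus two
# non-detection lines that a real log also contains.
SAMPLE_LOG = r"""
Files Infected: 28
(No malicious items detected)
c:\Users\ryan nakai\AppData\Local\pjm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\ryan nakai\AppData\Local\Temp\0.2739298318671154.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\5ca3dccd-7fc42843 (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Users\ryan nakai\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14\1f668cce-6f210c23 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\ryan nakai\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\27e8c01-766c1216 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\530c4f16-7fe93814 multiple threats
C:\Users\Ryan Nakai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\458317b9-228159a5 Java/TrojanDownloader.OpenStream.AF trojan
"""


def parse_line(line):
    """Return (path, family_or_verdict, source) for a detection line, else None."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return m.group("path"), m.group("family"), "mbam"
    m = ESET_RE.match(line)
    if m:
        return m.group("path"), m.group("desc"), "eset"
    return None


def classify_location(path):
    """Bucket a Windows path by the part of the profile it lives in.

    Matching is case-insensitive because Malwarebytes printed
    'deployment' and ESET printed 'Deployment' for the same directory.
    """
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\downloads\\" in p:
        return "downloads"
    if "\\appdata\\" in p:
        return "appdata"
    return "other"


def summarize(lines):
    """Count detections per location bucket and per detection name."""
    by_location = Counter()
    by_family = Counter()
    parsed = 0
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue  # headers, totals, blank lines
        path, family, _source = hit
        parsed += 1
        by_location[classify_location(path)] += 1
        by_family[family] += 1
    return {
        "parsed": parsed,
        "by_location": dict(by_location),
        "by_family": dict(by_family),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for bucket, n in sorted(summary["by_location"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {bucket}")
```

    Run it against a full log (`summarize(open("mbam-log.txt").read().splitlines())`) and the location with the most hits is usually the delivery channel; here it is the browser's Java plug-in, which is exactly why the analyst moves on to clearing that cache in #8.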

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hey,

    Your Java cache is infected; let's run this other cleaner.

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.




    Then do this; your version of Java may be different, but it's all basically the same.

    1. Click Start > Settings > Control Panel.
    2. Double-click the Java Plug-in icon in the control panel.
    3. Click the Cache tab.
    4. Click Clear. A confirmation dialog box appears.
    5. Click Yes to confirm.
    6. Click Apply.


    How are things running now?
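
    The Control Panel steps above clear the cache through the Java plug-in's own UI. As an added example (not code from the thread, from Oracle or from any scanner vendor), here is the same cleanup done directly on the filesystem, which is handy when the plug-in UI will not open or when you want to see what is there before deleting it. It assumes the Java 6 layout visible in the logs above: the cache lives under %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache and each cached JAR/applet is a data file named <hash>-<hash> with a matching <hash>-<hash>.idx metadata sidecar; other Java versions use a different root, so the root is a parameter. The `make_sample_cache()` helper builds a throwaway tree with entry names taken from the posted log so the functions can be exercised without touching a real profile.

```python
"""Enumerate and optionally purge the Java deployment cache on disk.

Added example, not part of the original thread. Runs in dry-run mode
unless told otherwise, so the default call only reports what it would
remove.
"""
import os
import tempfile
from pathlib import Path

# Java 6 cache root as seen in the DDS/Malwarebytes/ESET logs above.
DEFAULT_CACHE_ROOT = (
    Path(os.environ.get("USERPROFILE", "~")).expanduser()
    / "AppData" / "LocalLow" / "Sun" / "Java" / "Deployment" / "cache"
)


def list_cache_entries(root):
    """Yield (data_file, idx_file_or_None) for every cached entry under root."""
    root = Path(root)
    if not root.is_dir():
        return
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.suffix == ".idx":
            continue
        idx = p.with_name(p.name + ".idx")
        yield p, (idx if idx.is_file() else None)


def purge_java_cache(root, dry_run=True):
    """Remove every cache entry (data file plus .idx sidecar).

    Orphaned .idx files, left behind when a scanner has already
    quarantined the data file (as Malwarebytes did in #3), are removed
    too. Returns a summary; with dry_run=True nothing is deleted.
    """
    root = Path(root)
    targets = []
    entries = 0
    bytes_total = 0
    for data, idx in list_cache_entries(root):
        entries += 1
        bytes_total += data.stat().st_size
        targets.append(data)
        if idx is not None:
            targets.append(idx)
    seen = set(targets)
    for idx in (root.rglob("*.idx") if root.is_dir() else []):
        if idx.is_file() and idx not in seen:
            targets.append(idx)
    if not dry_run:
        for f in targets:
            f.unlink()
    return {
        "entries": entries,
        "files": len(targets),
        "bytes": bytes_total,
        "dry_run": dry_run,
    }


def make_sample_cache():
    """Constructed sample: a temp directory in the Java 6 cache layout.

    One complete entry (data + .idx) and one orphaned .idx; the names are
    taken from the posted log, the contents are filler.
    """
    root = Path(tempfile.mkdtemp(prefix="javacache-")) / "cache"
    bucket = root / "6.0" / "13"
    bucket.mkdir(parents=True)
    (bucket / "5ca3dccd-7fc42843").write_bytes(b"PK\x03\x04" + b"\0" * 60)  # JAR-like stub
    (bucket / "5ca3dccd-7fc42843.idx").write_bytes(b"\0" * 16)
    orphan_bucket = root / "6.0" / "14"
    orphan_bucket.mkdir(parents=True)
    (orphan_bucket / "1f668cce-6f210c23.idx").write_bytes(b"\0" * 16)  # data already quarantined
    return root


if __name__ == "__main__":
    # Report only; pass dry_run=False to actually delete.
    print(purge_java_cache(DEFAULT_CACHE_ROOT))
```

    Close the browser first: a running plug-in can hold entries open, and the Control Panel clear does the same thing at the same path, so either route leaves you with an empty cache that the next applet load repopulates.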

  9. #9
    Member
    Join Date
    Jan 2010
    Posts
    49

    Default

    Things are running much better now!

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Did you clear the cache?
