Fraud.VistaHomeSecurity 2012
well I got this lovely little program, and it has crashed my computer twice and three hours later i am at the point where i can try to go about fixing it.
Things that i have done to this point:
followed instructions from bleeping computer regarding the virus:
http://www.bleepingcomputer.com/virus-removal/remove-vista-internet-security-2012
this helped but internet was still being blocked, and spybot was unable to shut it down before the computer crashed so i went to the next step and used - rkill and then there registry fix file - fixncr
now i am at the point where it is not shutting down spybot and i have completed a full scan but when spybot trys to fix the problem it says i must be in admin mode and another box pops up saying that it cannot create file (c:\windows\wininit.ini) Acces is denied, leaving the bulk of the files unchanged.
I have included the dds log, the attach zip and the S&D log, if you guys can figure this out for me it would save my day.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170
Run by Crash at 0:43:03 on 2011-12-27
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.12278.8340 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\steam\steamapps\common\saints row the third\SaintsRowTheThird.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [winupd] C:\Users\Crash\AppData\Local\Temp:winupd.exe
uRun: [p9pl8161828373533996414] \\?\globalroot\Device\HarddiskVolume1\Users\Crash\AppData\Local\Temp\p9pl8161828373533996414.tmp
uRun: [dplaysvr] C:\Users\Crash\AppData\Local\dplaysvr.exe
uRun: [jgfhtdt] \\?\globalroot\Device\HarddiskVolume1\Users\Crash\AppData\Local\Temp\jgfhtdt.exe
uRun: [bfPRWUgkAvye.exe] C:\ProgramData\bfPRWUgkAvye.exe
mRun: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Crash\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Users\Crash\AppData\Local\Temp\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{748A8665-6FE8-4493-8D9A-CB566D46B155} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C4922076-B5B9-4241-AB58-66C98A8DF26F} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{C9E06351-BEA4-46F0-8815-38DB89561FD5} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Trixie.Bho: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
mRun-x64: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Crash\AppData\Roaming\Mozilla\Firefox\Profiles\7yvsnmaz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Crash\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 CLBStor;CLBStor;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-28 2253120]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-6-7 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-9-9 518472]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-11-10 370504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-8-3 24652]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-9-5 278528]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-4-30 127272]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9c543d9885441;Google Update Service (gupdate1c9c543d9885441);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-24 133104]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-24 133104]
S3 NPF;Netgroup Packet Filter;C:\Windows\system32\DRIVERS\npf.sys --> C:\Windows\system32\DRIVERS\npf.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WNDA31vx.sys --> C:\Windows\system32\DRIVERS\WNDA31vx.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-27 04:13:35 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8323A999-A3BD-4664-ABC0-B7E768CCEE89}\offreg.dll
2011-12-27 04:08:18 450304 ----a-w- C:\ProgramData\bfPRWUgkAvye.exe
2011-12-27 04:05:19 71680 --sh--w- C:\Users\Crash\AppData\Local\dplaysvr.exe
2011-12-27 04:05:19 35840 --sh--w- C:\Users\Crash\AppData\Local\dplayx.dll
2011-12-27 03:31:32 346624 ----a-w- C:\Users\Crash\AppData\Local\qil.exe
2011-12-23 17:06:10 -------- d-----w- C:\Program Files\iPod
2011-12-23 17:06:09 -------- d-----w- C:\Program Files\iTunes
2011-12-23 06:45:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8323A999-A3BD-4664-ABC0-B7E768CCEE89}\mpengine.dll
2011-12-21 23:19:26 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-12-21 23:19:13 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-21 23:19:01 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-21 23:19:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-21 23:11:32 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-21 23:11:32 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-12-23 14:12:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-03 06:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-11-03 06:50:15 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-03 06:49:54 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-03 06:49:36 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-03 06:49:36 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-03 06:22:04 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-11-03 05:54:27 479232 ----a-w- C:\Windows\System32\html.iec
2011-11-03 05:22:43 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-03 05:11:55 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-11-03 05:10:39 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 04:45:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 23:37:58 280480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-25 23:37:58 280480 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 04:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-10-04 18:58:42 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-29 21:50:05 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 0:43:39.62 ===============
-----------------------------------------------------------------------------------------------
Fraud.InternetSecurity2011: [SBI $C021A337] Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\open\command\=..."C:\Users\Crash\AppData\Local\qil.exe" -a...
Fraud.InternetSecurity2011: [SBI $3F1FA92F] Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Firefox.EXE\shell\safemode\command\=..."C:\Users\Crash\AppData\Local\qil.exe" -a...
Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\=..."C:\Users\Crash\AppData\Local\qil.exe" -a...
Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start
Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
Microsoft.Windows.Security.InternetExplorer: [SBI $366713D4] Settings (Registry change, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
Win32.Banker: [SBI $B7F18365] Executable (File, nothing done)
C:\Users\Public\Documents\19792079
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
DoubleClick: Tracking cookie (Internet Explorer: Crash) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
