Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Popular Websites Blocked [NEED HELP!]

Hi guys,

So I forgot to turn my antivirus back on earlier, and I downloaded this program. It turned out it didn't work, and I suspect that that is the virus. I tried connecting to Google in other web browsers, but it doesn't work! On the page it asks me to complete a survey to unlock the website, so I know it is a virus.

Snapshot:


Page HTML source: Paste Link

Laptop checkup again

My laptop is clean and not experiencing any symptoms, but I just need an opinion from an expert to see if my laptop is malware/virus free. Thank you.

---------------------DDS contents------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by Administrator at 1:37:59 on 2013-03-02
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.4317 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\BatteryCare\BatteryCare.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\May\Desktop\Programs\Network Indicator v1.6.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\splwow64.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CKeyScramblerBHO Object: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-Explorer: HideSCAPower = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{44F5BABE-A795-44D8-88CF-09E2C4B06E41} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: CKeyScramblerBHO Object: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator56109\AppData\Roaming\Mozilla\Firefox\Profiles\fo37dwjz.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-2-17 27800]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-12-19 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-12-19 43248]
R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2011-3-15 58360]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-25 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-17 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-17 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-2-17 99912]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-4-21 21992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-6-15 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2533400]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-9-3 31088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-1-30 129384]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PSMounter;Macrium Reflect Image Explorer Service;C:\Windows\System32\drivers\psmounter.sys [2011-1-17 40600]
S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2011-2-5 53312]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-25 232992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-25 344680]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-5 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
.
=============== File Associations ===============
.
ShellExec: MediaConverter.exe: open="C:\Program Files (x86)\SanDisk\Sansa Media Converter\uMediaConverter.exe" "%1"
.
=============== Created Last 30 ================
.
2013-02-17 13:23:22 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-02-17 12:47:31 -------- d-----w- C:\Users\Administrator56109\AppData\Roaming\Avira
2013-02-17 12:46:56 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-02-17 12:46:56 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-02-17 12:46:50 -------- d-----w- C:\ProgramData\Avira
2013-02-17 12:46:50 -------- d-----w- C:\Program Files (x86)\Avira
2013-02-17 12:41:46 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-17 12:40:05 -------- d-----w- C:\Program Files\VLC
2013-02-17 12:38:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-02-17 12:31:38 -------- d-----w- C:\Program Files\Axantum
2013-02-17 12:26:39 -------- d-----w- C:\Program Files (x86)\Auslogics
2013-02-15 18:43:12 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{69060A97-AFA5-460E-8ED8-DD7B0D70160A}\mpengine.dll
2013-02-13 05:12:35 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 05:12:35 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 05:10:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-02-13 05:09:57 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 05:09:55 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 05:09:55 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 05:09:53 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 05:09:53 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 05:09:49 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-02-08 18:45:10 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-08 02:02:16 -------- d-----w- C:\Users\Administrator56109\AppData\Local\temp
2013-02-05 05:04:46 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-02-17 12:41:42 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-17 12:41:42 1085344 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-02-05 05:04:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-12-16 16:52:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:35:34 2745856 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
.
============= FINISH: 1:38:47.28 ===============

Attached Files
File Type: zip Attach.zip (3.1 KB)
File Type: zip ark.zip (632 Bytes)

IE 9 Loading too slow if at all

Reposting from my original question thread in the Internet Explorer Forum; I was advised it may be a browser hijack. I did read the "new instructions" in this section, but am none the wiser; there is too much to read to actually understand what I should be doing.


I hope someone can help me; I spend way too much time staring at stagnant screens.
I have Windows 7 Home Premium and Internet Explorer 9.

I've tried numerous "fixes" I have found on other sites, to no avail. I can barely recall what all I've tried, I've tried so much... lol

When I load, for example, my local newspaper (which a few weeks ago and beyond I had NO issues with, and I have not changed anything on my computer since then), when I click on a story link, it won't go to a new window unless I click the link like 3 times, and even then when it opens in a new window or in the same window, it's hit and miss whether it will load or not. Either it just hangs and does nothing, or it says "IE can't load that page" type thing.

And since I'm here asking questions, what's up with my search bars, Bing and Google (doesn't seem to matter), these days? That too changed recently and for no reason. Used to be, I type in search words, it looks for sites pertaining to same, I click on said site, for example this site, but instead of it taking me to what was showing in the preview of the search, it loads weird links in the top bar and lands on a site that provides software for said search terms, and I never do get to this site like I used to unless I actually type it in the bar.
Sorry, I am blanking on the actual terminology. Anyone understand what I am saying? What is going on?

Removing Claro Search

I recently downloaded an item and it gave me a virus called Claro Search. It's malware and I need help getting rid of it. It infected my Internet programs. I have a boot CD.

Attached Files
File Type: zip attach.zip (19.4 KB)
File Type: txt dds.txt (36.2 KB)

IE9 issue

Approximately 1 week ago, when I started IE, the page opened but the lower part of the page was blank (white). All other web pages loaded just fine. I researched it on your site and PCHelpForums and applied what I read, as in turning off all add-ons, but nothing worked, so here we go. Will check back in a couple of days to see what other info you need. Thanks for the help.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by dollhobbs at 13:55:44 on 2013-03-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6183 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\makecab.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{40CBA3A2-7BE0-4EFB-8483-11068301A523} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A19895FE-39EC-4EDA-A41A-8C7B785D6C88} : DHCPNameServer = 75.75.75.75 75.75.76.76
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-2-11 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-2-11 370288]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-2-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-2-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-21 44808]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-1-25 166408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-1 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-1 15128]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 am7pro;Art*Money*Pro7.40;C:\Games\ArtMoney\am74064.sys [2012-10-21 9728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 spd3ssl;S*pyware P*rocess D*etector v3.22.4;C:\Program Files (x86)\Spyware Process Detector\spd322.sys [2012-4-18 15360]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 SaiK0CCB;SaiK0CCB;C:\Windows\System32\drivers\SaiK0CCB.sys [2011-3-23 176136]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2011-3-23 41352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-11 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;E:\Program Files (x86)\realtemp\WinRing0x64.sys [2012-3-18 14544]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-13 1153368]
.
=============== Created Last 30 ================
.
2013-03-03 21:26:28 92184 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-02 15:57:51 197912 ----a-w- C:\Windows\SysWow64\physxcudart_20.dll
2013-03-02 15:57:51 197912 ----a-w- C:\Windows\System32\physxcudart_20.dll
2013-03-02 03:44:06 -------- d-----w- C:\Users\dollhobbs\AppData\Local\Divinity 2
2013-03-02 03:37:50 -------- d-----w- C:\ProgramData\Divinity 2
2013-03-02 01:02:45 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2716E3C2-7696-4A99-9998-E1B676B170A4}\mpengine.dll
2013-02-26 08:32:36 958120 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2013-02-26 08:32:32 245872 ----a-w- C:\Windows\System32\nvinitx.dll
2013-02-26 08:32:04 201576 ----a-w- C:\Windows\SysWow64\nvinit.dll
2013-02-24 19:21:21 -------- d-----w- C:\Windows\SysWow64\spool
2013-02-24 19:18:59 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2013-02-24 02:20:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-16 13:50:21 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-02-16 03:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 02:01:37 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:01:37 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:59:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-02-14 01:59:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-02-14 01:59:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-02-14 01:59:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-02-14 01:58:59 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-14 01:58:56 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-14 01:58:54 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-14 01:58:52 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-14 01:58:40 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-14 01:58:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-14 01:58:38 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-14 01:58:38 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-14 01:58:38 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-14 01:58:37 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-14 01:57:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-14 01:57:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-12 02:44:44 -------- d-----w- C:\ProgramData\RELOADED
2013-02-12 02:34:25 -------- d-----w- C:\Program Files (x86)\Torchlight II
.
==================== Find3M ====================
.
2013-02-26 08:32:38 1107440 ----a-w- C:\Windows\System32\nvumdshimx.dll
2013-02-24 02:20:54 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-24 02:20:54 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-09 23:48:21 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-01-18 16:15:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11 2953448 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-17 09:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
.
============= FINISH: 13:57:14.29 ===============

Attached Files
File Type: zip ark.zip (27.0 KB)

possible hacking problem/malware found/trojan found....URGENT

hello

I ran Trojan Remover in safe mode before I ran into this tech forum.

It found 2 malware infections: a trojan and a hacking system file.
They both were deleted by the Trojan Remover program. When I ran it again, nothing was found... but my main concern right now is that I was reading the log that I was given and it said something about some files being locked or in use, and I'm not sure if the computer is really finally out of harm's way.

I do have a boot disc if I have to reformat, but I do run a store AND reformatting is such a huge hassle. I will do it if I have to, but I would like to know if I'm still in harm's way.

I ran the programs you guys asked and I will be attaching them here.
ALSO I will attach the Trojan Remover log, just so you see what I'm talking about.


The computer started acting up, and the main thing it was doing was, every time I would turn the computer back on, the receipt printer was uninstalled. EVERY TIME.

Thanks in advance.

Attached Files
File Type: zip attach.zip (12.4 KB)
File Type: txt dds.txt (19.1 KB)
File Type: txt trojan remover log.TXT (50.1 KB)

Easylife virus?

I was recently downloading something and I noticed Norton popping up saying easylife was blocked, then another popup saying that it tried to change my browser settings. I am currently running a full system scan now and so far it says 25 items have been detected and dealt with (norton). I am not sure if this will fix it, so if anyone would kindly assist me in removing it? No more downloading stuff anymore. :angry:

Also, Norton thinks it's a trojan. I'll make sure not to log on to anything important until it is removed.

Also looked it up, it seems harmless other than resetting your browser and putting advertisements everywhere. I still want to get rid of it though.

Went to add/remove programs and deleted all the stuff that was downloaded on. I think that it's still on the computer though.

No illegal software, etc. Just fyi.

Checking for Malware/Spyware using ComboFix

I run MS Essentials as my AV and use MBAM all the time. Both of them tell me I have nothing, but my Lenovo PC seems slower. On Sunday morning MS detected Exploit Java but quarantined it. I then deleted it and ran a full scan with MS Essentials and then, to be sure, MBAM, and both came clean. Again I ran today and still nothing. But I decided to try ComboFix just to be sure; here is my logfile. Can someone check it and tell me if all is OK? Also I have disabled Java since the New Year as recommended by everyone, so my Java is disabled on my browser (Firefox).

>>>>>>ComboFix 13-03-04.01 - al 03/04/2013 20:07:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.111 [GMT -5:00]
Running from: d:\documents and settings\al\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\All Users\Application Data\TEMP\RAIDTest
.
.
((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 )))))))))))))))))))))))))))))))
.
.
2013-03-04 22:53 . 2013-03-04 22:53 -------- d-----w- d:\documents and settings\All Users\Application Data\Licenses
2013-03-04 22:48 . 2013-03-04 22:48 60872 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\offreg.dll
2013-03-04 22:48 . 2013-03-04 22:48 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\MpKsl9bd2e292.sys
2013-03-03 18:41 . 2013-02-08 00:45 6954968 ------w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\mpengine.dll
2013-03-03 14:22 . 2013-02-08 00:45 6954968 ------w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 04:00 . 2013-02-24 04:12 -------- d-----w- d:\program files\TunnelBear
2013-02-20 20:26 . 2013-02-20 20:26 -------- d-----w- d:\documents and settings\All Users\Uniblue
2013-02-20 19:36 . 2013-02-20 19:49 -------- d-----w- d:\documents and settings\al\Application Data\Auslogics
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- d:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 01:51 . 2012-12-10 04:52 71024 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 01:51 . 2012-12-10 04:52 691568 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-01-30 10:53 . 2011-09-25 03:02 232336 ------w- d:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2009-01-04 22:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
2013-01-20 20:59 . 2012-03-21 00:44 195296 ----a-w- d:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:28 . 2009-05-24 00:54 2193152 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-01-07 00:45 . 2009-02-06 10:30 2069760 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-01-04 01:32 . 2009-05-24 00:54 1876224 ----a-w- d:\windows\system32\win32k.sys
2013-01-02 06:48 . 2009-05-24 00:54 1292288 ----a-w- d:\windows\system32\quartz.dll
2013-01-02 06:48 . 2009-01-04 22:44 148992 ----a-w- d:\windows\system32\mpg2splt.ax
2012-12-28 17:55 . 2012-10-06 20:31 74703 ----a-w- d:\windows\system32\mfc45.dat
2012-12-26 20:16 . 2009-05-24 00:54 916480 ----a-w- d:\windows\system32\wininet.dll
2012-12-26 20:16 . 2009-05-24 00:53 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2009-05-24 00:53 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2009-05-24 00:53 385024 ----a-w- d:\windows\system32\html.iec
2012-12-19 01:28 . 2012-12-19 01:29 93640 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-12-19 01:28 . 2012-12-19 01:30 143872 ----a-w- d:\windows\system32\javacpl.cpl
2012-12-19 01:28 . 2012-08-06 04:46 859072 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-12-19 01:28 . 2012-08-06 04:46 779704 ----a-w- d:\windows\system32\deployJava1.dll
2012-12-16 12:31 . 2009-05-24 00:53 290560 ----a-w- d:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-09-19 19:25 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-12-11 15:58 . 2012-12-11 15:58 8281168 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-02-20 04:08 . 2013-02-20 04:05 263064 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"jmekey"="d:\windows\jmesoft\hotkey.exe" [2010-12-21 114688]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck\0?\0???
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=d:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^al^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=d:\documents and settings\al\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=d:\windows\pss\Logitech . Product Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- d:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 16:11 947152 ----a-w- d:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- d:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MsMpSvc"=2 (0x2)
"ioloSystemService"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Documents and Settings\\al\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"d:\\Documents and Settings\\al\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"d:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 MxEFUF;Matrox Extio Upper Function Filter;d:\windows\system32\drivers\MxEFUF32.sys [9/25/2011 12:54 PM 102728]
R0 RapportKELL;RapportKELL;d:\windows\system32\drivers\RapportKELL.sys [7/29/2012 7:52 PM 65848]
R1 MpKsl9bd2e292;MpKsl9bd2e292;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A573260-68CF-4653-9C65-52E4967AB4B0}\MpKsl9bd2e292.sys [3/4/2013 5:48 PM 29904]
R1 RapportCerberus_43926;RapportCerberus_43926;d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/30/2012 8:02 AM 272216]
R1 RapportEI;RapportEI;d:\program files\Trusteer\Rapport\bin\RapportEI.sys [7/29/2012 7:52 PM 71480]
R1 RapportPG;RapportPG;d:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/29/2012 7:52 PM 166840]
R2 Akamai;Akamai NetSession Interface;d:\windows\System32\svchost.exe -k Akamai [1/4/2009 5:45 PM 14336]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [9/25/2011 12:37 PM 21992]
R2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/19/2012 2:25 PM 398184]
R2 RapportMgmtService;Rapport Management Service;d:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/29/2012 7:52 PM 976728]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [7/25/2012 3:46 AM 681056]
R3 BBUpdate;BBUpdate;d:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [9/19/2012 2:25 PM 21104]
S2 BBSvc;BingBar Service;d:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/19/2012 2:25 PM 682344]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [11/9/2012 11:20 AM 160944]
S3 esgiguard;esgiguard;\??\d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;d:\windows\system32\drivers\libusb0.sys [10/7/2011 12:52 PM 21504]
S3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 RapportIaso;RapportIaso;d:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/28/2012 3:34 PM 21520]
S3 WDC_SAM;WD SCSI Pass Thru driver;d:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
S4 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [7/25/2012 3:46 AM 1326176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL9BD2E292
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-23 14:39 1629648 ----a-w- d:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-10 01:51]
.
2013-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 18:21]
.
2013-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 18:21]
.
2013-03-04 d:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- d:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
TCP: DhcpNameServer = 192.168.2.1
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - d:\documents and settings\al\Application Data\Mozilla\Firefox\Profiles\2d9nun89.default-1344442705218\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-04 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="d:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-03-04 20:21:15
ComboFix-quarantined-files.txt 2013-03-05 01:21
.
Pre-Run: 123,410,624,512 bytes free
Post-Run: 123,433,422,848 bytes free
.
- - End Of File - - 2C2CA4255F00D24215CBDE6F2878281A

Redirected to porn site

Hello,

Today I was looking up some information on terminal blocks to help my 12-year-old with his electronics project.
I put 'using a terminal block for children' into google search.
One of the entries was labelled 'Terminal Block Electrical' the address underneath was
'smokers news.com/refer/terminal-block-electrical'- I am not sure if this will act as a link once I post so I have put a space between the smokers and the news which was one word. (I didn't notice the address at the time just looked at the title)
When I clicked on 'Terminal Block Electrical' I was greeted with an obscene photo and found I had been taken to a porn site. The site name in my history is Sex datings in Adelaide (this is where I live).

Here is the dds and I have attached the attach and the ark.text. I have access to a windows install disc.
I am sorry to say that I had a similar problem mid 2009 which you helped me fix. I do hope you can help this time also. Since then a lot of things have changed and I may not have the appropriate security.

Thank you

Cathy

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by Catherine at 16:51:40 on 2013-03-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.2047.895 [GMT 10.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Advanced System Protector\advancedsystemprotector.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Catherine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\prevhost.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Catherine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.myplaycity.com/
mStart Page = hxxp://home.myplaycity.com/
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
uURLSearchHooks: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: NCH EN Toolbar: {37483B40-C254-4A72-BDA4-22EE90182C1E} - c:\program files\nch_en\prxtbNCH_.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "c:\users\catherine\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\catherine\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Advanced System Protector] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.15\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{2DF55E09-5A98-43BD-BBBC-3552C002648D} : DHCPNameServer = 10.1.1.1
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-23 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-23 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-23 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-11-30 44808]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-4 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-4 497320]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-3-2 21504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-28 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-25 1343400]
.
=============== Created Last 30 ================
.
2013-03-01 21:26:19 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{77d1a71a-2c22-4cae-b23e-26aecbd1155c}\mpengine.dll
2013-02-27 10:26:59 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-02-27 10:26:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-14 22:14:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-13 23:12:33 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 23:12:13 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 23:12:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 23:12:07 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 23:12:06 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 23:12:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 02:57:05 -------- d-----w- c:\users\catherine\appdata\roaming\Blackboard
2013-02-10 09:48:15 -------- d-----w- c:\program files\directx
2013-02-10 09:48:06 -------- d-----w- c:\program files\GameSpy Arcade
2013-02-10 09:37:34 -------- d-----w- c:\program files\Activision
2013-02-07 09:07:00 -------- d-----w- c:\users\catherine\appdata\roaming\ooVoo Details
2013-02-07 09:06:36 -------- d-----w- c:\program files\ooVoo
.
==================== Find3M ====================
.
2013-02-27 08:27:51 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 08:27:50 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-14 22:14:08 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-14 22:14:08 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-16 14:58:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 01:19:38 454744 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
.
============= FINISH: 16:52:49.17 ===============

Attached Files
File Type: zip ark.text.zip (1.3 KB)
File Type: zip attach.zip (2.2 KB)

XP smart defender pro

Daughter got this bugger, "XP Smart Defender Pro", on my computer today. I CANNOT DO ANYTHING! I can't take the first steps, except to go on this laptop and change my passwords, which I have done.

The virus blocks my virus software and any program I want to run. I have "iYogi" and it is blocking it. I cannot access ComboFix, TDSSKiller, WordPad or Internet Explorer, nothing... it blocks it all.

What can I do? Please help me?

Dell Studio Fingerprint ID + UKASH

Hoping some wise soul has an answer I don't. I have a Dell Studio with fingerprint ID which is what I always used to log on. There is also a password option.

The laptop is a family laptop; the children have changed the password but forgotten it. No problem, as my fingerprint still works... right up until the UKASH malware locks it up. I'm aware that there are ways of remedying this problem in Safe Mode; however, the fingerprint ID feature does not appear to be available for logging onto the computer in Safe Mode.

Does anyone have any idea if indeed I can somehow log in with fingerprint ID in safe mode so that I can address the malware issue? I'm so frustrated and perhaps may have to pay someone to help with the issue, but I thought I would try here first. Any ideas are sincerely appreciated.

Thanks, Kerpry

Rootkit Removal

So this rootkit will not allow me to download the dds. What do I do?

Rootkit/malware removal

As advised by spunk.funk in this thread (http://www.techsupportforum.com/foru...ml#post4038392), I am posting scan results here. I am also noticing cases where random words on all websites become underlined hyperlinks which lead to some dodgy "win a free prize" site.

I don't think I have access to a boot disc at this time (it's a Lenovo laptop, and I partitioned the default drives, which means the recovery CD no longer works, nor do I have it with me at the moment).

I ran the scans after uninstalling DAEMON Tools and restarting into Safe Mode, but it still picked up leftover registry entries for DAEMON Tools and Alcohol anyway.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Question at 16:35:34 on 2013-03-07
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.4077.2983 [GMT 11:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\explorer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uProxyServer = 96.47.230.49:3128
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E36019BF-902E-4039-BF04-4C8CDA6427AF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F} : NameServer = 208.67.222.222,208.67.222.220
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\245454 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\245454 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\24545423 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\24545423 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\349414023757276756C6C69616E6365602E656470223 : NameServer = 208.67.222.222,208.67.222.220
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\349414023757276756C6C69616E6365602E656470223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656 : DHCPNameServer = 149.171.96.2 149.171.192.2
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656F57657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656F57657563747 : DHCPNameServer = 149.171.96.2 149.171.192.2
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656F577562616574786 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F9562876-E7D2-41FD-A40F-5CC7F0C8A72F}\57E69677964656F577562616574786 : DHCPNameServer = 149.171.96.2 149.171.192.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Question\AppData\Roaming\Mozilla\Firefox\Profiles\a.test\
FF - prefs.js: network.proxy.ftp - 221.130.23.156
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 221.130.23.156
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 221.130.23.156
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 221.130.23.156
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\npwangwang.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Trademanager\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Question\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll
FF - plugin: C:\windows\SysWow64\lenovo\update\npdueng.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\windows\System32\drivers\eubakup.sys [2012-3-11 57480]
R0 EUBKMON;EUBKMON;C:\windows\System32\drivers\EUBKMON.sys [2012-3-11 51336]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2010-12-1 39008]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-20 52760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-5-5 283200]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-12-1 28176]
R3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;C:\windows\System32\drivers\jmccgp.sys [2010-12-1 17904]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-8 406056]
R3 PrivacyProtectorMP;PrivacyProtectorMP;C:\windows\System32\drivers\PPFlt.sys [2012-10-12 27160]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S1 EUDSKACS;EUDSKACS;C:\windows\System32\drivers\eudskacs.sys [2012-3-11 19592]
S1 EUFDDISK;EUFDDISK;C:\windows\System32\drivers\EuFdDisk.sys [2012-3-11 189576]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-20 240640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 Guard Agent;Guard Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-3-11 23176]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-5 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-5 682344]
S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2012-4-8 2195456]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-11 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-3 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2010-12-1 35104]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\windows\System32\drivers\ewusbdev.sys [2011-11-28 114304]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-3 160880]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;C:\windows\System32\drivers\jmcam.sys [2010-12-1 57072]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;C:\windows\System32\drivers\jmcam_lo.sys [2010-12-1 31344]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-8-7 24176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2011-2-24 19936]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2011-2-24 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-13 19456]
S3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-13 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-2-27 1255736]
S3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2007-10-23 5120]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Real Temp\WinRing0x64.sys [2012-6-16 14544]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-22 121840]
S4 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-10-11 2438696]
S4 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-3-11 61064]
.
=============== Created Last 30 ================
.
2013-03-06 21:01:46 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5C1E953-37CB-4E80-9A5C-341642D49323}\mpengine.dll
2013-03-05 07:02:54 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-05 06:03:35 -------- d-----w- C:\UNSW
2013-03-05 06:02:58 -------- d-----w- C:\Auckland
2013-03-04 10:12:00 -------- d-----w- C:\Program Files (x86)\Haali
2013-03-04 10:11:48 -------- d-----w- C:\Program Files (x86)\CoreCodec
2013-03-02 04:40:55 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 02:34:55 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2013-02-26 08:29:51 -------- d-----w- C:\Users\Question\AppData\Local\{23720C3A-2DEB-43D0-94CB-E918FE585774}
2013-02-26 06:55:24 71680 ----a-w- C:\windows\System32\frapsv64.dll
2013-02-26 06:55:22 65536 ----a-w- C:\windows\SysWow64\frapsvid.dll
2013-02-22 06:29:06 0 ----a-w- C:\windows\SysWow64\sho1F9D.tmp
2013-02-22 02:45:31 -------- d-----w- C:\Users\Question\AppData\Local\{CE41792F-3038-4116-8C36-4D3096BA2928}
2013-02-21 14:49:12 -------- d-----w- C:\Users\Question\AppData\Local\{7606479C-FAE1-4F63-97AA-654071265F27}
2013-02-21 02:48:49 -------- d-----w- C:\Users\Question\AppData\Local\{8AA1ED70-CD67-4A23-B81D-881DCCAA8088}
2013-02-20 14:48:25 -------- d-----w- C:\Users\Question\AppData\Local\{0F53FD82-CA1C-497F-8C61-6C4255DA4612}
2013-02-20 02:48:02 -------- d-----w- C:\Users\Question\AppData\Local\{4A8A5AC9-C1F2-4EDA-87B6-F2450C9F4B51}
2013-02-19 14:47:38 -------- d-----w- C:\Users\Question\AppData\Local\{3483B628-BDC8-49D3-9868-6982DD151774}
2013-02-19 08:27:12 -------- d-----w- C:\Users\Question\AppData\Local\Razer
2013-02-19 02:47:14 -------- d-----w- C:\Users\Question\AppData\Local\{68A50B1B-B420-46AF-8AC0-392B7A54CB31}
2013-02-18 14:46:51 -------- d-----w- C:\Users\Question\AppData\Local\{DAC750E0-3004-4AD3-A036-232D38CDFFEF}
2013-02-18 02:46:27 -------- d-----w- C:\Users\Question\AppData\Local\{F38A3F56-D587-40C4-AC6A-4BB86E7CA504}
2013-02-17 14:46:04 -------- d-----w- C:\Users\Question\AppData\Local\{12186A29-CCE7-4C87-AFE1-067EDBF07415}
2013-02-17 02:45:40 -------- d-----w- C:\Users\Question\AppData\Local\{31B8DF2B-FECC-486A-AE93-D8639E8C364B}
2013-02-16 14:45:02 -------- d-----w- C:\Users\Question\AppData\Local\{802075A2-2556-4A37-BA67-1AD0DF7A0FCB}
2013-02-16 02:44:39 -------- d-----w- C:\Users\Question\AppData\Local\{56857050-4CD0-427A-9DF8-00E9142A74F9}
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 14:44:15 -------- d-----w- C:\Users\Question\AppData\Local\{25178065-7390-4C01-9A4D-C180619B1EE5}
2013-02-15 04:55:48 -------- d-----w- C:\Users\Question\AppData\Roaming\Sierra
2013-02-15 02:43:50 -------- d-----w- C:\Users\Question\AppData\Local\{4AFA41B9-B5E9-481C-B7C9-240365DF6E7A}
2013-02-14 14:43:26 -------- d-----w- C:\Users\Question\AppData\Local\{F86260A2-71D3-4EBC-A2B6-9B2B4D8F52C8}
2013-02-14 02:43:02 -------- d-----w- C:\Users\Question\AppData\Local\{5E5DD588-D0A0-4867-A7C6-79A816D927AF}
2013-02-13 14:42:38 -------- d-----w- C:\Users\Question\AppData\Local\{7070178F-9FC5-4588-93D1-E146D39FE173}
2013-02-13 03:35:42 0 ----a-w- C:\windows\SysWow64\sho9B7E.tmp
2013-02-13 03:06:46 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 03:06:46 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 03:01:36 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-02-13 03:01:36 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-02-13 03:01:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-02-13 03:01:35 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-02-13 03:01:35 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-02-13 03:01:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-02-13 03:01:29 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-02-13 03:01:28 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 03:01:28 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-02-13 03:01:27 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 03:01:27 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-02-13 03:01:20 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-02-13 02:42:07 -------- d-----w- C:\Users\Question\AppData\Local\{9244BEFD-B068-40D0-8B32-C2F9FC0BF534}
2013-02-12 13:40:26 -------- d-----w- C:\Users\Question\AppData\Local\{EDECBD2F-8D64-4557-93FA-AA2B60DF05B6}
2013-02-12 01:40:01 -------- d-----w- C:\Users\Question\AppData\Local\{B496B29F-7A3E-40D3-AA24-8C7DA1DF84A1}
2013-02-11 13:39:32 -------- d-----w- C:\Users\Question\AppData\Local\{A3384845-F42F-4C60-932D-C57E78B5CFDE}
2013-02-11 01:39:12 -------- d-----w- C:\Users\Question\AppData\Local\{E526D066-A827-407B-A381-68831DC2BE7A}
2013-02-10 12:55:23 -------- d-----w- C:\Users\Question\AppData\Local\{A20D647C-FC4B-4AB8-8717-9BECDE4007D6}
2013-02-10 00:55:10 -------- d-----w- C:\Users\Question\AppData\Local\{C0FA3296-90B5-4439-BDD8-2325DFA77975}
2013-02-09 05:31:09 -------- d-----w- C:\Users\Question\AppData\Local\{8C357B72-6587-4626-A2B1-4A12EEE0D6A0}
2013-02-08 17:30:45 -------- d-----w- C:\Users\Question\AppData\Local\{0C4E2CAF-17C1-4474-B784-25FDB6EF7BB5}
2013-02-08 05:30:21 -------- d-----w- C:\Users\Question\AppData\Local\{9655817D-B96F-47F1-8A6E-E7C6EFC58F97}
2013-02-07 17:29:56 -------- d-----w- C:\Users\Question\AppData\Local\{7E05432A-1CCC-4E23-97E2-DB188057CACF}
2013-02-07 13:42:20 -------- d-----w- C:\Fraps
2013-02-07 05:29:15 -------- d-----w- C:\Users\Question\AppData\Local\{13532F58-4E9D-4C45-92BD-6270782780B6}
2013-02-06 17:28:52 -------- d-----w- C:\Users\Question\AppData\Local\{C7DB3804-04F5-4838-8D4B-B9F0333CCD00}
2013-02-06 05:28:26 -------- d-----w- C:\Users\Question\AppData\Local\{E3AA36BB-4EEE-4F94-9E0E-2B24A76B9B70}
2013-02-05 17:28:01 -------- d-----w- C:\Users\Question\AppData\Local\{B152207F-C6F0-4154-BD86-D7EA36BA2B4E}
.
==================== Find3M ====================
.
2013-03-02 04:40:46 861088 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2013-03-02 04:40:46 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-02-28 09:44:00 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 09:44:00 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\windows\System32\MpSigStub.exe
2013-01-20 04:59:04 230320 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2013-01-20 04:59:04 130008 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-12-23 08:40:49 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\windows\System32\atiumd64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\windows\System32\drivers\ati2erec.dll
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-14 05:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
.
============= FINISH: 16:37:16.97 ===============

Attached Files
File Type: zip attach.zip (6.2 KB)

u-search hijacker?

Hello,
I have had this problem for 2 days or so...
Every time I open Firefox, instead of google.com it opens "http://u-search.net/?a=1&e=1". Even if I set it back to google.com, it automatically sets back to "http://u-search.net/?a=1&e=1", and every new tab I open is u-search as well.
When I googled how to deal with this problem, I found articles saying that this "u-search" thing not only changes my homepage, it also gathers my information.
Example: View topic - How to Remove u-search.net? (Browser Hijacker Virus Removal Guide) - AnviSoft or Remove u-search.net (Uninstall Guide)
Now that I think of it, I did download "free youtube downloader" and "grooveshark downloader" :( (I have no idea whether those programs are legal, since they popped up on the first Google search page when I typed "youtube downloader")

P.S.
The PC restarted itself with a blue screen 2 times when I ran gmer.exe; it never happened before, ever.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by MM at 14:10:19 on 2013-03-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3583.2511 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://u-search.net/?a=1&e=1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Razer Synapse] "c:\program files\razer\synapse\RzSynapse.exe"
mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 212.59.2.2 212.59.1.1
TCP: Interfaces\{05F8114A-71E6-424C-8970-363A8B0818CF} : DHCPNameServer = 212.59.2.2 212.59.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mm\appdata\roaming\mozilla\firefox\profiles\en5at2od.default\
FF - prefs.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - prefs.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-21 13:41; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\mm\appdata\roaming\mozilla\firefox\profiles\en5at2od.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-10-23 170656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-11-26 1329304]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-10-23 104712]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-6 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-6 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-6 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\drivers\rzudd.sys [2012-11-7 94592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2009-9-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2009-9-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2009-9-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2009-9-19 100224]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-22 1343400]
.
=============== Created Last 30 ================
.
2013-03-07 12:01:40 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4990fab-9311-40ff-9657-27458ce4bde3}\offreg.dll
2013-03-07 11:53:44 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2013-03-07 11:43:24 2876528 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2013-03-07 11:43:12 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2013-03-07 11:43:03 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2013-03-07 11:40:19 -------- d-----w- c:\programdata\Nero
2013-03-06 09:58:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-06 09:58:07 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-03-06 09:58:04 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-03-06 09:57:29 -------- d-----w- c:\users\mm\appdata\local\Programs
2013-03-06 09:33:07 -------- d-----w- c:\program files\Enigma Software Group
2013-03-06 09:32:48 -------- d-----w- c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-06 09:32:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-03-05 18:39:03 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b4990fab-9311-40ff-9657-27458ce4bde3}\mpengine.dll
2013-03-04 21:52:19 -------- d-----w- c:\users\mm\appdata\roaming\Groovedown_Uninstall
2013-03-04 21:52:19 -------- d-----w- c:\users\mm\appdata\roaming\Groovedown
2013-03-04 21:40:58 -------- d-----w- c:\program files\Nero
2013-03-04 21:27:24 -------- d-----w- c:\programdata\YTD Video Downloader
2013-03-04 21:27:22 -------- d-----w- c:\program files\GreenTree Applications
2013-02-25 08:54:35 -------- d-----w- c:\users\mm\appdata\roaming\iMobie
2013-02-25 08:54:29 -------- d-----w- c:\program files\iMobie
2013-02-19 13:13:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-19 13:13:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 13:12:59 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 20:32:38 -------- d-----w- c:\users\mm\appdata\local\ElevatedDiagnostics
2013-02-18 12:02:58 962612 ----a-w- c:\windows\system32\mfc42d.dll
2013-02-18 12:02:58 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2013-02-18 12:02:49 24576 ----a-w- c:\windows\system32\AsIO.dll
2013-02-18 12:02:49 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2013-02-18 12:02:46 -------- d-----w- c:\program files\ASUS
2013-02-16 23:59:41 -------- d-----w- c:\windows\CheckSur
2013-02-13 06:26:35 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 06:26:29 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 06:26:28 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 06:26:27 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 06:26:27 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 06:26:26 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-05 16:16:34 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2013-02-18 12:00:25 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 12:00:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 23:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30:34 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22:22 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54:01 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37:57 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2012-12-29 10:26:54 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26:54 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26:54 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26:54 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26:54 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26:54 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26:54 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26:54 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26:54 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26:54 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 10:26:54 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26:54 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:26:22 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26:22 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25:57 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25:57 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25:57 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 00:54:24 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
.
============= FINISH: 14:10:28.91 ===============

Hope you can help me guys,
Thanks.

Attached Files
File Type: zip attach.zip (2.9 KB)

Keyboards Unresponsive

Hi, I was referred to this sub-forum from the 'Microsoft/Windows 7 Support' forum.
Here's a copy and paste of my OP:

"I recently installed Bitdefender and after scanning my computer it found a few malware/viruses. But as it was cleaning/deleting the infected files I got a BSOD. Ever since, my keyboard will not respond at all, even in safe mode. But my mouse works fine!? I've tried multiple different keyboards as well, so that's not the problem here. :/ Oh, and I tried the Driver Verifier and it found no driver problems, I think... which seems odd to me..."

Since then I have tried the "SFC /SCANNOW" command, thinking it could have had something to do with my system files, but no errors were found.

And yes, I have access to my Windows installer disk.
Anyone willing to help would be a lifesaver; this virtual 'click' keyboard is driving me insane!

Attached Files
File Type: zip Attach.zip (8.9 KB)
File Type: txt dds.txt (44.1 KB)

Please help--computer suffering from malware

Hello,

Please help clean up this computer. It is covered in malware and other nefarious scripts. Here are the scans as requested, below and attached.

Thanks in advance!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by AACL at 23:20:02 on 2013-03-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2991.1749 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\WINDOWS\system32\CmgShieldSvc.exe
C:\WINDOWS\system32\EMSService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\uArcCapture.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\accelerometerST.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\EmsServiceHelper.exe
C:\WINDOWS\System32\CMGShieldUI.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\AACL\Application Data\Spotify\Spotify.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Documents and Settings\AACL\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={488DAF98-FCCE-4740-8A49-270FF09F3184}&mid=12cc068c200847d090c289dd2d2d2427-08b984e01789a5555e6d05575a24320baf425271&lang=en&ds=gl011&pr=sa&d=2012-08-24 08:41:58&v=12.2.0.5&sap=hp
uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
uSearch Page = hxxp://www.bing.com
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=56F1A88001CC0E67270D05F9&src_id=30028&camp_id=2588&tb_version=1.0.7000.4(B)
mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\bho\alotappbarBHO.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\alotappbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BMUpdate] c:\windows\system32\BMUpdate.exe
uRun: [Apple] rundll32.exe "c:\documents and settings\aacl\local settings\application data\applicationhistory\apple\oibyopny.dll",gettextW
uRun: [Spotify] "c:\documents and settings\aacl\application data\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\documents and settings\aacl\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\accelerometerST.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [DTRun] c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTRun.exe
mRun: [Cpqset] "c:\program files\hewlett-packard\default settings\cpqset.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Aflac_Do_Not_Remove] c:\aflac2000\WSPInfo.exe
mRun: [WSPPurge] c:\program files\aflac\common\WSPPurge.exe
mRun: [VerifyAfariaDownload] c:\program files\aflac\sng\VerifyAfariadownload.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EmsService] EmsServiceHelper.exe
mRun: [CMGShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [Afaria Client File Differencing] c:\program files\aclient\bin\XCDiffCache.exe
mRun: [Afaria Client Event Monitor] c:\program files\aclient\bin\XCMonitor.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Apple] rundll32.exe "c:\documents and settings\aacl\local settings\application data\applicationhistory\apple\oibyopny.dll",gettextW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: _NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284468098640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284472602968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7438AC46-61C8-471A-A63D-86744970184E} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2008-4-29 195128]
R0 CMGShieldReg;CMGShieldReg;c:\windows\system32\drivers\CmgShREG.sys [2008-4-29 89656]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-24 33112]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-14 214024]
R2 Arcsoft Security Service;Arcsoft Security Service;c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\ArcSecurity.exe [2009-11-22 80384]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-11 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-11 108392]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2008-4-29 1103152]
R2 EMS;EMS;c:\windows\system32\EmsService.exe [2008-4-29 644400]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-12-16 102968]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-1-7 81920]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-12-11 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-1-4 264248]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-8-11 1822296]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2010-9-10 506472]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-10 113664]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2010-9-10 27648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-22 106656]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-10 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-10 205824]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130307.019\NAVENG.SYS [2013-3-7 93296]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130307.019\NAVEX15.SYS [2013-3-7 1603824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 CmgShieldNP;CmgShieldNP;c:\windows\system32\CmgShieldNP.dll [2008-4-29 156976]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-8-11 23888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-14 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-14 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-14 34248]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-9-25 18432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-14 181792]
S3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-10 2320920]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-14 635416]
S4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia suite\totalmedia theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-02-22 03:32:08 -------- d-----w- c:\program files\InterActual
2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-02-14 05:16:03 98304 --sha-r- c:\windows\system32\igfxrtrkd.dll
.
==================== Find3M ====================
.
2013-02-27 07:44:55 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 07:44:55 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 23:00:21 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
============= FINISH: 23:20:29.93 ===============

Attached Files
File Type: zip attach.zip (16.0 KB)

anyone ever seen this error Covenantee's dicaryotic brachycome unfallingness's

Hi Forum,

Need a little bit of a sanity check please. :grin:

I'm running a virtual Windows 2003 server and I've noticed that on startup I get a message saying "at least one service or driver failed during startup ...."
I'm also sometimes seeing a Microsoft window that pops up after I log in saying that Covenantee's dicaryotic brachycome has had problems - do you want to submit an error report to MS.

I'm also seeing messages that DEP (I think that's what it's called) has stopped Covenantee's dicaryotic brachycome unfallingness's from running.

Gut feeling reckons this is some type of virus/malware that I've picked up (not sure how, as I'm sitting behind a firewall, with antivirus running on the machine, and it is fully patched), but poking around the system I can't see anything abnormal, nothing untoward in the running tasks etc.
Google brings up nothing at all about this either :confused:

Any ideas??? Anyone seen this before?

If I can get a screenshot, I'll post it.

Rootkit Removal

NOTE: The rootkit kept rebooting the computer when I ran GMER, so I don't have the ARK.txt file.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Brent at 21:18:54 on 2012-09-15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2038.1048 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Netscape Accelerator\slipcore.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\netscape accelerator\components\NOWImaging.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [SlipStream] "c:\program files\netscape accelerator\slipcore.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
LSP: c:\progra~1\netsca~2\sliplsp.dll
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{E33BEE49-EC61-4901-B1B7-E8EE2FE35D53} : DhcpNameServer = 192.168.1.254 75.153.176.9
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brent\appdata\roaming\mozilla\firefox\profiles\ebfw7x1n.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20120706.001\IDSvix86.sys [2012-7-8 287792]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-11 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-3 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-3 106656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-8 113120]
S3 PKS;PKS;c:\users\brent\appdata\local\temp\PKS.exe [2012-6-28 555904]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-09 01:28:01 268800 ----a-w- c:\windows\system32\es.dll
2012-07-05 02:11:43 15360 ----a-w- c:\windows\system32\netevent.dll
2012-07-05 02:11:42 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-07-05 02:11:42 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-07-05 02:11:42 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-07-05 02:11:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-07-05 02:11:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-07-05 02:11:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-07-05 02:11:41 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-07-05 02:11:41 10240 ----a-w- c:\windows\system32\finger.exe
2012-07-05 02:09:59 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-07-05 02:09:57 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-07-05 02:09:40 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-07-05 02:09:33 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-05 02:09:14 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-07-05 02:07:46 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-07-05 02:07:45 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-07-05 02:06:43 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-07-05 02:06:38 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-07-05 02:06:37 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-07-05 02:06:36 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-07-05 02:06:34 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-07-05 02:06:34 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-07-05 02:05:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-05 02:05:19 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-07-05 02:05:16 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-07-05 02:05:15 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-07-05 02:04:08 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-07-05 02:02:37 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-07-05 02:02:36 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-07-05 02:02:36 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-07-05 02:00:47 2855424 ----a-w- c:\windows\system32\mf.dll
2012-07-05 02:00:46 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-05 02:00:46 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-07-05 02:00:45 2048 ----a-w- c:\windows\system32\mferror.dll
2012-07-05 02:00:44 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-07-05 01:59:15 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-05 01:59:14 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-05 01:58:15 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-07-05 01:55:52 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-07-05 01:54:23 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-07-05 01:54:21 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-07-05 01:50:55 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-07-05 01:50:55 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-07-05 01:50:22 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-07-05 01:49:52 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-07-05 01:49:51 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-07-05 01:49:51 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-07-05 01:49:16 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-07-05 01:48:19 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-07-05 01:44:32 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2012-07-04 01:13:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-07-04 01:13:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-07-04 01:13:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-07-04 01:13:54 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-07-04 01:13:54 24064 ----a-w- c:\windows\system32\lpk.dll
2012-07-04 01:13:54 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-07-04 01:11:49 72704 ----a-w- c:\windows\system32\admparse.dll
2012-07-04 01:11:48 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-07-04 01:11:47 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-04 01:11:42 389120 ----a-w- c:\windows\system32\html.iec
2012-07-04 01:11:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-04 01:11:41 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-04 01:11:40 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-04 01:11:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-04 01:11:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-04 01:11:31 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-07-04 01:07:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-07-04 01:07:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-07-04 01:07:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-07-04 01:07:50 272896 ----a-w- c:\windows\system32\polstore.dll
2012-07-04 01:05:39 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-07-04 01:05:38 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-07-04 01:04:18 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-07-04 01:04:17 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-07-04 01:04:17 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-07-04 00:58:40 71680 ----a-w- c:\windows\system32\atl.dll
2012-07-04 00:57:35 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-07-04 00:53:07 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-07-04 00:48:41 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2012-07-04 00:48:40 428032 ----a-w- c:\windows\system32\EncDec.dll
2012-07-04 00:48:39 80896 ----a-w- c:\windows\system32\MSNP.ax
2012-07-04 00:48:39 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-04 00:48:39 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-04 00:48:37 292352 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-04 00:48:36 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-04 00:48:29 1244672 ----a-w- c:\windows\system32\mcmde.dll
2012-07-04 00:44:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-04 00:43:35 696832 ----a-w- c:\windows\system32\localspl.dll
2012-07-04 00:42:16 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2012-07-04 00:42:15 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2012-07-04 00:42:15 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-07-04 00:42:15 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2012-07-04 00:42:13 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-07-04 00:42:13 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2012-07-04 00:41:36 2923520 ----a-w- c:\windows\explorer.exe
2012-07-04 00:40:58 8704 ----a-w- c:\windows\system32\hcrstco.dll
2012-07-04 00:40:58 8704 ----a-w- c:\windows\system32\hccoin.dll
2012-07-04 00:40:58 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-07-04 00:40:58 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
.
============= FINISH: 21:19:26.74 ===============


Have random sounds, ads in background.

I'm using a pretty new HP Notebook with Windows 7.

For the past week, I've been getting random ads, occasionally what sounds like porn clips, voices having a one-sided conversation, music, etc. All of these occur regardless of whether I'm browsing the internet or the laptop is sitting without any programs open. I will get a high CPU usage alert when these sounds start.

I'm using Norton, which did not find anything. I've run CCleaner and MalwareBytes, and I just finished running the Sophos rootkit remover, which showed nothing.

Everything else on the laptop runs fine and I haven't noticed any interference when using Opera.

Any help with this matter would be appreciated.

Thanks for your time.
Payton

My logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Page at 20:14:14 on 2013-03-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8087.3646 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Page\AppData\Local\Temp\ToolbarUpdater.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\WinMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6R8GNwC0cy&i=26
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRunOnce: [Application Restart #1] C:\Users\Page\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Page\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B603E05D-33CF-4753-953D-A8D63553BB31} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B603E05D-33CF-4753-953D-A8D63553BB31}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B86F93B5-A844-4639-8F0B-8BC0969296D3} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-10-19 645952]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-19 27456]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-1-29 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-1-29 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-2-26 1388120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-1-29 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130308.001\IDSviA64.sys [2013-3-1 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-1-29 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-1-29 405624]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-1 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-19 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-1 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-25 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-25 682344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-1-29 138272]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TolbarUpdater;Toolbar Updater;C:\Users\Page\AppData\Local\Temp\ToolbarUpdater.exe [2012-8-14 508416]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-1 364416]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-2 138912]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-1 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-25 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-1 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-1 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-1 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-03 00:59:25 -------- d-----w- C:\ProgramData\Sophos
2013-03-03 00:59:04 73728 ----a-r- C:\Users\Page\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-03 00:59:04 73728 ----a-r- C:\Users\Page\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-03 00:59:04 73728 ----a-r- C:\Users\Page\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-03 00:58:55 -------- d-----w- C:\Program Files (x86)\Sophos
2013-03-02 04:22:06 -------- d-----w- C:\ComputerRequirementsTemp
2013-03-02 04:08:27 -------- d-----w- C:\Program Files (x86)\SP60050
2013-03-01 22:59:36 -------- d-----w- C:\Program Files (x86)\Computer Requirements
2013-02-27 05:39:40 -------- d-----w- C:\Program Files\CCleaner
2013-02-26 04:00:37 -------- d-----w- C:\Users\Page\AppData\Roaming\Malwarebytes
2013-02-26 04:00:24 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-26 04:00:23 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-26 04:00:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-26 04:00:09 -------- d-----w- C:\Users\Page\AppData\Local\Programs
2013-02-24 22:39:58 128512 ----a-w- C:\Windows\SysWow64\WinMonitor.exe
2013-02-07 20:49:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-06 14:14:20 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-06 14:14:20 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-06 14:13:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-06 14:13:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-06 14:13:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-06 14:13:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-02-06 14:13:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-02-06 14:13:00 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-02-06 14:13:00 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-02-06 07:05:45 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-06 07:05:45 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-06 07:05:44 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-06 07:05:41 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-06 07:05:40 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-06 07:05:40 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-06 07:05:40 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-06 07:05:40 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-06 07:05:40 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-06 07:05:40 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-06 07:05:38 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-06 07:05:38 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-06 06:31:06 -------- d-----w- C:\Users\Page\AppData\Local\Apple Computer
2013-02-06 06:30:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-02-06 06:30:06 -------- d-----w- C:\Program Files\iPod
2013-02-06 06:30:05 -------- d-----w- C:\Program Files\iTunes
2013-02-06 06:30:05 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-06 06:29:08 -------- d-----w- C:\Users\Page\AppData\Local\Apple
2013-02-06 06:28:11 -------- d-----w- C:\Program Files\Bonjour
2013-02-06 06:28:11 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2013-02-20 22:51:33 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-20 22:51:33 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
============= FINISH: 20:14:43.91 ===============

laptop blocked from internet access

When I try to log on to the internet I get redirected to a page threatening me with being arrested for viewing banned material on the web, and I am instructed to pay $300 to get my computer unblocked or be prosecuted by the FBI. This is all nonsense and I think my computer has been hacked or I've downloaded a virus. I cannot log on to safe mode, and the computer goes straight to this webpage, which displays the web provider and my IP address; it even took a picture of me using my webcam. Can you please help me.