Hello,
It's been a while.
I'm trying to help a friend get rid of a virus on their computer. This virus is a bit of a tricky one as it seems to be pretty difficult to remove.
Normally, I can just run MalwareBytes Anti-Malware and that would solve the problem. However, this virus does not allow to run the application. When I try to run it (or any other application), it doesn't do anything. If you take a look at Task Manager Process List while you attempt to open the application, you will see that the process appears and then just disappears again.
I've located the virus in the following location on the computer:
C:\Users\<username>\AppData\Local\dwykacrj\ldqwkcbw
and I attempted to remove the file, however, it's not letting me as it says the file is in use.
Normally, I'd be able to see a Process in the Task Manager for the virus that I can stop and then delete the file, however I cannot see the process for this virus.
So I have to say I'm stuck on how to get rid of the thing, hence why I come to the experts (my favourite experts, might I add :) ).
I've ran the DDS and GMER scripts as per instructions and have attached as required.
DDS.txt says:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by RNP Marketing Ltd at 19:42:04 on 2014-01-08
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.3070.2124 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\schtasks.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Movdap\WBDesktop.Updater.1.0.0.16.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
mWinlogon: Userinit = c:\windows\system32\userinit.exe,,c:\users\rnpmar~1\appdata\local\temp\dilrmedg.exe,c:\users\rnp marketing ltd\appdata\local\dwykacrj\ldqwkcbw.exe
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\betcat\WebCakeIEClient.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LdqWkcbw] c:\users\rnp marketing ltd\appdata\local\dwykacrj\ldqwkcbw.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET4.0C; BRI/2)" -"http://www.miniclip.com/games/cab-driver/en/cab_driver.dcr"
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E67C2976-A0A3-41FD-AA6F-FD82889D728B} : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 BitGuard;BitGuard;c:\programdata\bitguard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-12-30 3780064]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-20 126392]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-5-2 109064]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\movdap\WBDesktop.Updater.1.0.0.16.exe [2013-8-15 51992]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-7 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 143360]
S4 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2010-7-16 1188624]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2008-10-10 376832]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2008-12-1 28672]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2011-1-21 95200]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-20 123320]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 229376]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
.
=============== Created Last 30 ================
.
2014-01-07 22:45:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-07 22:34:04 -------- d-----w- c:\users\rnp marketing ltd\appdata\roaming\Malwarebytes
2014-01-07 22:33:19 -------- d-----w- c:\programdata\Malwarebytes
2014-01-07 22:33:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 22:33:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2014-01-08 19:27:31 44544 ----a-w- c:\windows\system32\agremove.exe
2014-01-07 22:45:49 99984 ---ha-w- c:\windows\system32\4OCi9H90s
2013-10-28 21:05:33 99984 ---ha-w- c:\windows\4OCi9H90s
.
============= FINISH: 19:43:26.01 ===============
It's been a while.
I'm trying to help a friend get rid of a virus on their computer. This virus is a bit of a tricky one as it seems to be pretty difficult to remove.
Normally, I can just run MalwareBytes Anti-Malware and that would solve the problem. However, this virus does not allow to run the application. When I try to run it (or any other application), it doesn't do anything. If you take a look at Task Manager Process List while you attempt to open the application, you will see that the process appears and then just disappears again.
I've located the virus in the following location on the computer:
C:\Users\<username>\AppData\Local\dwykacrj\ldqwkcbw
and I attempted to remove the file, however, it's not letting me as it says the file is in use.
Normally, I'd be able to see a Process in the Task Manager for the virus that I can stop and then delete the file, however I cannot see the process for this virus.
So I have to say I'm stuck on how to get rid of the thing, hence why I come to the experts (my favourite experts, might I add :) ).
I've ran the DDS and GMER scripts as per instructions and have attached as required.
DDS.txt says:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by RNP Marketing Ltd at 19:42:04 on 2014-01-08
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.3070.2124 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Windows\system32\schtasks.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Movdap\WBDesktop.Updater.1.0.0.16.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
uSearch Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=GB&userid=b98bcad4-de3d-4137-b57e-868d93f15662&searchtype=ds&q={searchTerms}&installDate=29/09/2013
mWinlogon: Userinit = c:\windows\system32\userinit.exe,,c:\users\rnpmar~1\appdata\local\temp\dilrmedg.exe,c:\users\rnp marketing ltd\appdata\local\dwykacrj\ldqwkcbw.exe
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - c:\program files\betcat\WebCakeIEClient.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LdqWkcbw] c:\users\rnp marketing ltd\appdata\local\dwykacrj\ldqwkcbw.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET4.0C; BRI/2)" -"http://www.miniclip.com/games/cab-driver/en/cab_driver.dcr"
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E67C2976-A0A3-41FD-AA6F-FD82889D728B} : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 BitGuard;BitGuard;c:\programdata\bitguard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-12-30 3780064]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-20 126392]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-5-2 109064]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\movdap\WBDesktop.Updater.1.0.0.16.exe [2013-8-15 51992]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-1-7 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 143360]
S4 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2010-7-16 1188624]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-26 30192]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2008-10-10 376832]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2008-12-1 28672]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\McSACore.exe [2011-1-21 95200]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-20 123320]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 229376]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
.
=============== Created Last 30 ================
.
2014-01-07 22:45:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-07 22:34:04 -------- d-----w- c:\users\rnp marketing ltd\appdata\roaming\Malwarebytes
2014-01-07 22:33:19 -------- d-----w- c:\programdata\Malwarebytes
2014-01-07 22:33:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 22:33:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2014-01-08 19:27:31 44544 ----a-w- c:\windows\system32\agremove.exe
2014-01-07 22:45:49 99984 ---ha-w- c:\windows\system32\4OCi9H90s
2013-10-28 21:05:33 99984 ---ha-w- c:\windows\4OCi9H90s
.
============= FINISH: 19:43:26.01 ===============