Removed it but keeps, reinstalling. Browser redirects on IE, Firefox and Chrome. When I d/l anything I can't open d/l folder or run anything I've d/l. Microsoft Security essentials doesn't run anymore and I can't uninstall it either, Ccleaner can't uninstall msse also. Can't log in anywhere keeps changing my login name. Will d/l dds and gmer from 30 year old laptop and try to run on other laptop. I was able to run dds, but cannot run gmer or extract it to desktop. Cannot copy and paste to desktop either.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 1.6.0_24
Run by astral at 11:19:29 on 2013-05-27
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.1789.881 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vbarsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Users\astral\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Google Update] "c:\users\astral\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Pokki] c:\windows\system32\rundll32.exe "c:\users\astral\appdata\local\pokki\engine\LaunchDeskband.dll",RunLaunchDeskband
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\astral\appdata\roaming\micros~1\windows\startm~1\programs\startup\maxmem.lnk - c:\program files\analogx\maxmem\maxmem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\brothe~1.lnk - c:\windows\installer\{8040527f-dd74-4b45-8a06-c4bf145b6c76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{81B9C31E-4F4B-4B90-96F1-17480B08C62F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D132784B-6AB7-4226-9237-4C0F67AE1B15} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\astral\appdata\roaming\mozilla\firefox\profiles\aiiger5n.default-1369580194724\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\astral\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-28 10:33; 2vffxtbr@DailyBibleGuide.com; c:\program files\dailybibleguide\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-10-31 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-10-31 35712]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-10-17 299280]
R2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2013-4-28 42504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-10-10 245760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-9 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.
2013-05-26 23:24:52 -------- d-----w- c:\program files\ESET
2013-05-26 04:09:42 225280 ----a-w- c:\programdata\microsoft\media tools\MediaIconsOverlays.dll
2013-05-26 04:08:24 -------- d-----w- c:\program files\x264 Video Codec
2013-05-25 12:16:00 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{86941efd-2695-4b70-b40c-8ee11e87f8a8}\mpengine.dll
2013-05-23 22:42:11 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-22 23:18:22 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-21 23:01:20 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5666bf10-2e17-45b5-8568-4219616a6e24}\gapaengine.dll
2013-05-18 14:40:16 -------- d-----w- c:\programdata\SecTaskMan
2013-05-18 14:40:08 -------- d-----w- c:\program files\Security Task Manager
2013-05-14 23:35:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 22:55:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-14 22:55:02 149632 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-05-14 22:55:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-05-14 22:48:26 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-14 22:48:26 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-14 22:46:13 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-04-28 15:33:34 -------- d-----w- c:\users\astral\appdata\local\DailyBibleGuide
2013-04-28 15:33:19 -------- d-----w- c:\program files\DailyBibleGuide
.
==================== Find3M ====================
.
2013-05-15 03:59:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:59:01 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
============= FINISH: 11:23:15.37 ===============SAS report
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 1.6.0_24
Run by astral at 11:19:29 on 2013-05-27
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.1789.881 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\PROGRA~1\DAILYB~2\bar\1.bin\2vbarsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Users\astral\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Google Update] "c:\users\astral\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Pokki] c:\windows\system32\rundll32.exe "c:\users\astral\appdata\local\pokki\engine\LaunchDeskband.dll",RunLaunchDeskband
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [eRecoveryService] <no file>
StartupFolder: c:\users\astral\appdata\roaming\micros~1\windows\startm~1\programs\startup\maxmem.lnk - c:\program files\analogx\maxmem\maxmem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\brothe~1.lnk - c:\windows\installer\{8040527f-dd74-4b45-8a06-c4bf145b6c76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{81B9C31E-4F4B-4B90-96F1-17480B08C62F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D132784B-6AB7-4226-9237-4C0F67AE1B15} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\astral\appdata\roaming\mozilla\firefox\profiles\aiiger5n.default-1369580194724\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\dailybibleguide\bar\1.bin\NP2vStub.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\astral\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-28 10:33; 2vffxtbr@DailyBibleGuide.com; c:\program files\dailybibleguide\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-10-31 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-10-31 35712]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-10-17 299280]
R2 DailyBibleGuideService;DailyBibleGuideService;c:\progra~1\dailyb~2\bar\1.bin\2vbarsvc.exe [2013-4-28 42504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-10-10 245760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-9 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.
2013-05-26 23:24:52 -------- d-----w- c:\program files\ESET
2013-05-26 04:09:42 225280 ----a-w- c:\programdata\microsoft\media tools\MediaIconsOverlays.dll
2013-05-26 04:08:24 -------- d-----w- c:\program files\x264 Video Codec
2013-05-25 12:16:00 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{86941efd-2695-4b70-b40c-8ee11e87f8a8}\mpengine.dll
2013-05-23 22:42:11 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-22 23:18:22 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-21 23:01:20 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5666bf10-2e17-45b5-8568-4219616a6e24}\gapaengine.dll
2013-05-18 14:40:16 -------- d-----w- c:\programdata\SecTaskMan
2013-05-18 14:40:08 -------- d-----w- c:\program files\Security Task Manager
2013-05-14 23:35:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 22:55:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-14 22:55:02 149632 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-05-14 22:55:00 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-05-14 22:48:26 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-14 22:48:26 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-14 22:46:13 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-04-28 15:33:34 -------- d-----w- c:\users\astral\appdata\local\DailyBibleGuide
2013-04-28 15:33:19 -------- d-----w- c:\program files\DailyBibleGuide
.
==================== Find3M ====================
.
2013-05-15 03:59:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 03:59:01 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
============= FINISH: 11:23:15.37 ===============SAS report