I’m having issues with a Google redirect malware/virus. I have run the following programs with their results:
Malware Bytes, Super Anti Spyware, I-Obit: No unusual results
AVG and Avira Antivirus: No unusual results
Spy No More:
Spyware Name/Category/Location
Trojan/Trojan/HKEY_CURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Trojan.Oficla.Is/Trojan/C:\Users\mwilson\AppData\Local\Temp\BCD.tmp
windrv.sys/Search Hijacker/C:\Windows\system32\windrv.sys
Internet Explorer Hijacker/Altered Setting/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplore.exe
I thought after removing these my issue would be fixed, but it’s not. I have just gone through the 8 posted preliminary removal instructions and pasted the logs below.
Gmer Log: Empty
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6398
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
4/20/2011 4:24:39 PM
mbam-log-2011-04-20 (16-24-39).txt
Scan type: Quick scan
Objects scanned: 189037
Time elapsed: 4 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mmartin at 16:20:49.97 on Wed 04/20/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2011 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\atashost.exe
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
c:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mwilson\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = hxxp://172.16.24.*;http://192.168.244.*;http://10.224.224.*;http://172.16.28.*;http://172.16.29.*;https://earchive.*
uInternet Settings,ProxyServer = adserver03.indiana.in1stbank.com:3128
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SoundMAX.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mwilson\appdata\roaming\mozilla\firefox\profiles\b172519m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-7-13 43920]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2009-7-13 45056]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-19 312152]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-5-22 2062872]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-7 17984]
R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-7-13 14848]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-29 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-4-18 161144]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys
2011-04-20 18:58:34 -------- d-----w- c:\program files\SpyNoMore
2011-04-20 13:24:27 -------- d-----w- c:\users\mwilson\appdata\local\ElevatedDiagnostics
2011-04-19 17:17:55 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 17:17:55 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-19 17:17:55 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-19 17:17:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-19 16:08:29 -------- d-----w- c:\windows\system32\SPReview
2011-04-19 16:05:59 859648 ----a-w- c:\windows\system32\dsadmin.dll
2011-04-19 16:04:59 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-04-19 16:03:45 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-19 16:03:45 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-19 14:11:25 -------- d-----w- c:\program files\CCleaner
2011-04-19 12:44:14 -------- d-----w- c:\users\mwilson\appdata\roaming\IObit
2011-04-19 12:44:05 -------- d-----w- c:\progra~2\IObit
2011-04-19 12:44:01 -------- d-----w- c:\program files\IObit
2011-04-19 07:00:24 -------- d-----w- C:\7c93843c302316bf28868b650e
2011-04-18 20:03:02 -------- d-----w- c:\program files\KODAK
2011-04-18 17:43:52 90112 --sha-r- c:\windows\system32\wlangpui8.dll
2011-04-18 13:45:33 -------- d-----w- c:\windows\idmu
2011-04-18 13:45:31 -------- d-----w- c:\windows\ADAM
2011-04-18 13:35:04 -------- d-----w- c:\program files\Hyper-V
2011-04-18 13:35:00 -------- d-----w- c:\windows\system32\Windows System Resource Manager
2011-04-18 13:34:57 627712 ----a-w- c:\windows\system32\gpprefbr.dll
2011-04-18 13:34:52 2548736 ----a-w- c:\windows\system32\propshts.dll
2011-04-18 13:34:49 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
2011-04-18 13:34:48 166400 ----a-w- c:\windows\system32\gpprefcn.dll
2011-04-18 13:34:47 4342784 ----a-w- c:\windows\system32\gppref.dll
2011-04-18 13:34:41 -------- d-----w- c:\windows\Cluster
2011-04-18 13:34:41 -------- d-----w- C:\inetpub
2011-04-18 13:07:22 110456 ----a-w- c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
2011-04-15 20:38:54 -------- d-----w- c:\windows\system32\BestPractices
2011-04-15 19:34:37 18944 ----a-w- c:\windows\system32\certpick.dll
2011-04-15 19:34:12 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
2011-04-15 19:34:10 138240 ----a-w- c:\windows\system32\cluster.exe
2011-04-15 19:33:52 80384 ----a-w- c:\windows\system32\vmclusex.dll
2011-04-15 19:33:51 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
2011-04-15 19:33:21 98304 ----a-w- c:\windows\system32\mtedit.exe
2011-04-15 19:33:11 13824 ----a-w- c:\windows\system32\dfscmd.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redirusr.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redircmp.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\wlbs.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\nlb.exe
2011-04-15 19:32:48 46592 ----a-w- c:\windows\system32\gpfixup.exe
2011-04-15 19:32:31 70656 ----a-w- c:\windows\system32\netdom.exe
2011-04-15 19:32:23 59392 ----a-w- c:\windows\system32\Volshext.dll
2011-04-15 19:32:23 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
2011-04-15 19:32:23 33280 ----a-w- c:\windows\system32\avolprop.dll
2011-04-15 19:31:41 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
2011-04-15 19:31:41 22528 ----a-w- c:\windows\system32\StorageRes.dll
2011-04-15 19:29:30 258048 ----a-w- c:\windows\DfsrAdmin.exe
2011-04-15 19:29:16 73728 ----a-w- c:\windows\system32\srmlib.dll
2011-04-15 19:29:16 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
2011-04-15 19:15:07 -------- d-----w- c:\windows\Panther
2011-04-15 19:12:37 -------- d-----w- c:\windows\system32\Wat
2011-04-15 19:04:21 -------- d--h--w- C:\$WINDOWS.~Q
2011-04-15 18:58:06 65536 ----a-w- c:\windows\system32\a3d.dll
2011-04-15 18:58:06 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2011-04-15 18:58:06 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2011-04-15 18:58:06 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2011-04-15 18:58:00 -------- d-----w- C:\SoundmaxDrivers
2011-04-15 18:49:58 -------- d--h--w- C:\$INPLACE.~TR
2011-04-15 18:19:52 -------- d-----w- c:\windows\pss
2011-04-15 17:33:44 -------- d-----w- c:\users\mwilson\appdata\local\VirtualStore
2011-04-15 17:33:22 -------- d-sh--w- C:\Recovery
2011-04-15 16:43:19 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 16:43:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 16:43:18 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 16:43:14 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:43:08 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:43:08 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:43:04 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-15 16:43:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:43:04 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 16:42:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 16:42:37 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-15 16:42:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-15 16:41:54 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-15 16:41:07 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 16:41:05 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 16:41:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 16:39:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 16:25:57 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 15:20:54 -------- d-----w- c:\progra~2\SonicFocus
2011-04-15 15:20:53 -------- d-----w- c:\program files\Analog Devices
2011-04-14 20:33:51 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
2011-04-11 13:33:30 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-04-08 20:01:09 -------- d-----w- c:\users\mwilson\appdata\local\Microsoft Corporation
.
==================== Find3M ====================
.
2011-04-19 16:12:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-11 23:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 23:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 23:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 23:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 23:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 23:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 23:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 23:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 23:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 23:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 23:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 22:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 22:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 22:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 22:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 22:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 22:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 22:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 22:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 22:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 22:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 22:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 22:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 22:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 22:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 22:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:22:33.86 ===============
Attach Log.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2011 1:33:23 PM
System Uptime: 4/20/2011 4:13:35 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DQ45CB
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 158.257 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 62 GiB total, 1.279 GiB free.
O: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
P: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
Q: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.4.3 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
CCleaner
Cooking Aficionado Professional 3.1
Distributed Document Services Component
eWebEditPro 4 Client
FBViewerCtrl
File Renamer - Basic
Google Update Helper
GoToAssist Customer 1.5.0.274
GoToAssist Expert 1.5.0.274
GoToMeeting 4.5.0.457
Host OpenAL (ADI)
Intel Reseller Tracking Utility
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections 13.1.4.0
Intel® Active Management Technology
IObit Security 360
Java Auto Updater
KODAK Capture Pro Software Find and View
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OGA Notifier 2.0.0048.0
OneTouch 4.0
PaperPort 9.0
PrimoPDF
QuickTime
RiskID Communicator
Scanner Utility for Microsoft Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Software Operation Panel
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SpyNoMore 2.98
SUPERAntiSpyware Free Edition
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VCRedistSetup
Vid-Center (Build 18223)
WebEx
Windows Media Player Firefox Plugin
ZipGenius 6 (6.3.1.2590)
.
==== End Of File ===========================
Please help, I'm out of options.
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SoundMAX.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mwilson\appdata\roaming\mozilla\firefox\profiles\b172519m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-7-13 43920]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2009-7-13 45056]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-19 312152]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-5-22 2062872]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-7 17984]
R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-7-13 14848]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-29 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-4-18 161144]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys
2011-04-20 18:58:34 -------- d-----w- c:\program files\SpyNoMore
2011-04-20 13:24:27 -------- d-----w- c:\users\mwilson\appdata\local\ElevatedDiagnostics
2011-04-19 17:17:55 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 17:17:55 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-19 17:17:55 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-19 17:17:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-19 16:08:29 -------- d-----w- c:\windows\system32\SPReview
2011-04-19 16:05:59 859648 ----a-w- c:\windows\system32\dsadmin.dll
2011-04-19 16:04:59 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-04-19 16:03:45 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-19 16:03:45 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-19 14:11:25 -------- d-----w- c:\program files\CCleaner
2011-04-19 12:44:14 -------- d-----w- c:\users\mwilson\appdata\roaming\IObit
2011-04-19 12:44:05 -------- d-----w- c:\progra~2\IObit
2011-04-19 12:44:01 -------- d-----w- c:\program files\IObit
2011-04-19 07:00:24 -------- d-----w- C:\7c93843c302316bf28868b650e
2011-04-18 20:03:02 -------- d-----w- c:\program files\KODAK
2011-04-18 17:43:52 90112 --sha-r- c:\windows\system32\wlangpui8.dll
2011-04-18 13:45:33 -------- d-----w- c:\windows\idmu
2011-04-18 13:45:31 -------- d-----w- c:\windows\ADAM
2011-04-18 13:35:04 -------- d-----w- c:\program files\Hyper-V
2011-04-18 13:35:00 -------- d-----w- c:\windows\system32\Windows System Resource Manager
2011-04-18 13:34:57 627712 ----a-w- c:\windows\system32\gpprefbr.dll
2011-04-18 13:34:52 2548736 ----a-w- c:\windows\system32\propshts.dll
2011-04-18 13:34:49 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
2011-04-18 13:34:48 166400 ----a-w- c:\windows\system32\gpprefcn.dll
2011-04-18 13:34:47 4342784 ----a-w- c:\windows\system32\gppref.dll
2011-04-18 13:34:41 -------- d-----w- c:\windows\Cluster
2011-04-18 13:34:41 -------- d-----w- C:\inetpub
2011-04-18 13:07:22 110456 ----a-w- c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
2011-04-15 20:38:54 -------- d-----w- c:\windows\system32\BestPractices
2011-04-15 19:34:37 18944 ----a-w- c:\windows\system32\certpick.dll
2011-04-15 19:34:12 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
2011-04-15 19:34:10 138240 ----a-w- c:\windows\system32\cluster.exe
2011-04-15 19:33:52 80384 ----a-w- c:\windows\system32\vmclusex.dll
2011-04-15 19:33:51 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
2011-04-15 19:33:21 98304 ----a-w- c:\windows\system32\mtedit.exe
2011-04-15 19:33:11 13824 ----a-w- c:\windows\system32\dfscmd.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redirusr.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redircmp.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\wlbs.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\nlb.exe
2011-04-15 19:32:48 46592 ----a-w- c:\windows\system32\gpfixup.exe
2011-04-15 19:32:31 70656 ----a-w- c:\windows\system32\netdom.exe
2011-04-15 19:32:23 59392 ----a-w- c:\windows\system32\Volshext.dll
2011-04-15 19:32:23 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
2011-04-15 19:32:23 33280 ----a-w- c:\windows\system32\avolprop.dll
2011-04-15 19:31:41 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
2011-04-15 19:31:41 22528 ----a-w- c:\windows\system32\StorageRes.dll
2011-04-15 19:29:30 258048 ----a-w- c:\windows\DfsrAdmin.exe
2011-04-15 19:29:16 73728 ----a-w- c:\windows\system32\srmlib.dll
2011-04-15 19:29:16 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
2011-04-15 19:15:07 -------- d-----w- c:\windows\Panther
2011-04-15 19:12:37 -------- d-----w- c:\windows\system32\Wat
2011-04-15 19:04:21 -------- d--h--w- C:\$WINDOWS.~Q
2011-04-15 18:58:06 65536 ----a-w- c:\windows\system32\a3d.dll
2011-04-15 18:58:06 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2011-04-15 18:58:06 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2011-04-15 18:58:06 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2011-04-15 18:58:00 -------- d-----w- C:\SoundmaxDrivers
2011-04-15 18:49:58 -------- d--h--w- C:\$INPLACE.~TR
2011-04-15 18:19:52 -------- d-----w- c:\windows\pss
2011-04-15 17:33:44 -------- d-----w- c:\users\mwilson\appdata\local\VirtualStore
2011-04-15 17:33:22 -------- d-sh--w- C:\Recovery
2011-04-15 16:43:19 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 16:43:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 16:43:18 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 16:43:14 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:43:08 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:43:08 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:43:04 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-15 16:43:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:43:04 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 16:42:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 16:42:37 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-15 16:42:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-15 16:41:54 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-15 16:41:07 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 16:41:05 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 16:41:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 16:39:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 16:25:57 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 15:20:54 -------- d-----w- c:\progra~2\SonicFocus
2011-04-15 15:20:53 -------- d-----w- c:\program files\Analog Devices
2011-04-14 20:33:51 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
2011-04-11 13:33:30 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-04-08 20:01:09 -------- d-----w- c:\users\mwilson\appdata\local\Microsoft Corporation
.
==================== Find3M ====================
.
2011-04-19 16:12:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-11 23:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 23:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 23:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 23:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 23:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 23:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 23:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 23:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 23:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 23:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 23:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 22:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 22:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 22:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 22:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 22:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 22:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 22:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 22:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 22:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 22:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 22:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 22:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 22:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 22:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 22:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:22:33.86 ===============
Attach Log.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2011 1:33:23 PM
System Uptime: 4/20/2011 4:13:35 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DQ45CB
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 158.257 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 62 GiB total, 1.279 GiB free.
O: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
P: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
Q: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.4.3 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
CCleaner
Cooking Aficionado Professional 3.1
Distributed Document Services Component
eWebEditPro 4 Client
FBViewerCtrl
File Renamer - Basic
Google Update Helper
GoToAssist Customer 1.5.0.274
GoToAssist Expert 1.5.0.274
GoToMeeting 4.5.0.457
Host OpenAL (ADI)
Intel Reseller Tracking Utility
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections 13.1.4.0
Intel® Active Management Technology
IObit Security 360
Java Auto Updater
KODAK Capture Pro Software Find and View
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OGA Notifier 2.0.0048.0
OneTouch 4.0
PaperPort 9.0
PrimoPDF
QuickTime
RiskID Communicator
Scanner Utility for Microsoft Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Software Operation Panel
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SpyNoMore 2.98
SUPERAntiSpyware Free Edition
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VCRedistSetup
Vid-Center (Build 18223)
WebEx
Windows Media Player Firefox Plugin
ZipGenius 6 (6.3.1.2590)
.
==== End Of File ===========================
Please help, I'm out of options.