TechSpot

HELP! Hijacked webcam

By ramenstyle
Jul 20, 2011
  1. Hey guys,

    So my webcam has been powering on and off by itself (as indicated by the webcam LED which notifies it is in use). I'm 100% sure no other application is using my webcam. I'm pretty much convinced I'm currently being hijacked. Also, the hacker sent me a random message on my computer, but it was just jibberish. He continued to send me messages until I shutdown my laptop. I turned it back on, ran a full system MSE scan and cleaned my computer, but I don't think it helped at all.

    I will attach my HiJackThis log, maybe you guys can help me out here.

    Any other solution?

    Thank you!

    Best Regards,

    EDIT: As a newcomer, I neglected to check the pinned topics. I am currently going through the 7-step (now 5-step) removal procedure. Copy and pasting Malwarebytes log.

    EDIT 2: Added GMER log.

    EDIT 3: Added DDS logs in next 2 posts.



    Here's my HijackThis.log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:45:29 PM, on 7/20/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files\OSD\Launch_CC.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Users\Lctalavera\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Users\Lctalavera\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyicc.csb.edu:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [OSD] c:\Program Files\OSD\Launch.exe
    O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [F.lux] "C:\Users\Lctalavera\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Lctalavera\AppData\Roaming\svchost.exe"
    O4 - HKCU\..\Run: [Windows Host] C:\Users\Lctalavera\AppData\Roaming\svchost.exe
    O4 - Startup: Dropbox.lnk = Lctalavera\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://software.kuaiche.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6321/mcfscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Vista Session Launcher Service (CustomSvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15479 bytes



    Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7209

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    7/20/2011 6:11:14 PM
    mbam-log-2011-07-20 (18-11-14).txt

    Scan type: Quick scan
    Objects scanned: 175035
    Time elapsed: 10 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0FE9BDB2-0FEC-EF3C-2FC2-ADDEB46ACD9F} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{0FE9BDB2-0FEC-EF3C-2FC2-ADDEB46ACD9F} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Micronsoft (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSWUpdate (Trojan.Agent) -> Value: MSWUpdate -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Host (Trojan.Agent) -> Value: Windows Host -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\lctalavera\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\lctalavera\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.



    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-20 20:42:15
    Windows 6.1.7601 Service Pack 1
    Running: t2npcke8.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049bab3b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a049bab3b@0026bb7acf13 0x96 0xDB 0xC5 0x03 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049bab3b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a049bab3b@0026bb7acf13 0x96 0xDB 0xC5 0x03 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Lctalavera\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000590 17364 bytes

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. ramenstyle

    ramenstyle TS Rookie Topic Starter

    Continuation...

    Second post needed to include DDS logs:


    DDS


    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Lctalavera at 20:47:01 on 2011-07-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4085.1965 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
    C:\Program Files\Alienware\Command Center\AlienFusionService.exe
    C:\Windows\system32\nvvsvc.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\OSD\Service1.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Tunngle\TnglCtrl.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\UI0Detect.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Alienware\Command Center\AlienFusionController.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\OSD\Launch_CC.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Users\Lctalavera\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Lctalavera\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files\OSD\OSD_Main.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe
    C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Lctalavera\Downloads\t2npcke8.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Lctalavera\Desktop\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.alienware.com/
    uInternet Settings,ProxyServer = proxyicc.csb.edu:80
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [F.lux] "C:\Users\Lctalavera\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    mRun: [OSD] c:\Program Files\OSD\Launch.exe
    mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
    mRun: [FAStartup]
    mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [MMTray] "C:\Program Files (x86)\Morgan\m3jpegV3\MMTray.exe"
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\LCTALA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lctalavera\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all by FlashGet3 - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: kuaiche.com\software
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6321/mcfscan.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [Launch_CC App] c:\program files\osd\launch_cc.exe
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
    mRun-x64: [(Default)]
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/01/13 14:44:12];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-16 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-7-8 89600]
    R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
    R2 CustomSvc;Vista Session Launcher Service;C:\Program Files\OSD\Service1.exe [2010-1-14 13312]
    R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-5 2409800]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-14 656624]
    R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-7-13 737016]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\OSD\WinRing0x64.sys [2010-1-14 14544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-6 1030600]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-16 135664]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTVE.sys --> C:\Windows\system32\DRIVERS\IAMTVE.sys [?]
    S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\system32\DRIVERS\IAMTXPE.sys --> C:\Windows\system32\DRIVERS\IAMTXPE.sys [?]
    S3 ioatdma;Intel(R) QuickData Technology device;C:\Windows\system32\Drivers\qd260x64.sys --> C:\Windows\system32\Drivers\qd260x64.sys [?]
    S3 ioatdma1;ioatdma1;C:\Windows\system32\Drivers\qd162x64.sys --> C:\Windows\system32\Drivers\qd162x64.sys [?]
    S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\system32\Drivers\qd262x64.sys --> C:\Windows\system32\Drivers\qd262x64.sys [?]
    S3 iSSetup;iSSetup;C:\Windows\system32\DRIVERS\iSSetup.sys --> C:\Windows\system32\DRIVERS\iSSetup.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-07-20 12:39:15 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Xfire
    2011-07-20 12:39:12 -------- d-----w- C:\ProgramData\Xfire
    2011-07-20 12:39:11 -------- d-----w- C:\Program Files (x86)\Xfire
    2011-07-20 09:58:44 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Malwarebytes
    2011-07-20 09:58:22 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-20 09:58:18 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-20 09:58:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-20 09:58:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-20 09:37:10 388096 ----a-r- C:\Users\Lctalavera\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-07-20 09:37:10 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-07-20 09:07:50 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E7A8352-EC04-4080-98C1-7B7D468A2D8A}\mpengine.dll
    2011-07-20 06:32:05 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\IrfanView
    2011-07-20 06:30:21 876544 ---h--w- C:\Users\Lctalavera\AppData\Roaming\dolkml.exe
    2011-07-20 06:19:11 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\WinZip
    2011-07-20 06:14:47 -------- d-----w- C:\ProgramData\WinZipEC
    2011-07-20 06:14:45 -------- d-----w- C:\Program Files (x86)\WinZip Courier
    2011-07-20 06:14:41 -------- d-----w- C:\Windows\CD95F661A5C411AFB2CCABCD21A325B4.TMP
    2011-07-20 06:14:41 -------- d-----w- C:\Users\Lctalavera\AppData\Local\WinZip
    2011-07-19 08:18:31 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
    2011-07-19 03:40:08 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2011-07-18 07:36:49 -------- d-----w- C:\ProgramData\ALM
    2011-07-16 18:37:01 446976 ----a-r- C:\Program Files (x86)\Microsoft Games\Fable III\paul.dll
    2011-07-16 10:59:19 -------- d-----w- C:\Program Files (x86)\Microsoft Games
    2011-07-15 15:16:47 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Sony Creative Software Inc
    2011-07-15 14:04:39 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
    2011-07-15 14:00:50 -------- d-----w- C:\Program Files (x86)\Morgan
    2011-07-15 13:54:52 -------- d-----w- C:\Program Files\Sony
    2011-07-15 13:27:22 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
    2011-07-15 13:23:55 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Sony
    2011-07-15 13:22:24 -------- d-----w- C:\Program Files (x86)\Sony
    2011-07-15 10:01:05 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
    2011-07-15 09:37:19 110592 ----a-w- C:\Windows\System32\rtvcvfw32.dll
    2011-07-15 09:37:09 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
    2011-07-13 11:39:19 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-13 11:39:19 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-07-13 11:39:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-13 11:39:19 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-13 11:39:19 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-07-13 11:39:18 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-13 11:39:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-13 11:39:18 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-13 11:39:18 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-13 11:39:18 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-13 11:39:16 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-13 10:48:24 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-07-13 10:00:48 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    2011-07-13 10:00:48 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2011-07-13 08:26:10 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Tunngle
    2011-07-13 08:26:10 -------- d-----w- C:\ProgramData\Tunngle
    2011-07-13 08:26:06 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
    2011-07-13 08:26:03 -------- d-----w- C:\Program Files (x86)\Tunngle
    2011-07-13 05:24:37 -------- d-----w- C:\ProgramData\Trymedia
    2011-07-13 04:53:45 -------- d-----w- C:\Program Files (x86)\S.W.A.T. 4
    2011-07-12 13:15:05 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2011-07-12 13:14:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2011-07-11 14:30:24 -------- d-----w- C:\Program Files (x86)\Eidos
    2011-07-11 14:29:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2011-07-11 14:29:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2011-07-11 14:29:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2011-07-11 14:29:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2011-07-11 14:29:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2011-07-11 14:29:55 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2011-07-11 14:29:55 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2011-07-11 14:29:55 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2011-07-11 13:41:22 -------- d-----w- C:\Users\Lctalavera\AppData\Local\ElevatedDiagnostics
    2011-07-11 13:11:15 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-07-11 13:11:05 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2011-07-11 13:10:44 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\DAEMON Tools Lite
    2011-07-11 13:10:44 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2011-07-11 02:02:42 -------- d-----r- C:\Users\Lctalavera\AppData\Roaming\Brother
    2011-07-10 08:08:09 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Wargaming.net
    2011-07-10 04:35:51 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\2K Sports
    2011-07-08 06:40:05 605696 ------w- C:\Windows\System32\stapi64.dll
    2011-07-08 06:40:05 499712 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
    2011-07-08 06:40:05 431616 ----a-w- C:\Windows\System32\stcplx64.dll
    2011-07-08 06:40:05 209920 ----a-w- C:\Windows\System32\st646241.dll
    2011-07-08 06:40:05 1433088 ----a-w- C:\Windows\System32\stapo64.dll
    2011-07-08 06:40:03 -------- d-----w- C:\Program Files\IDT
    2011-07-06 16:24:58 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Diagnostics
    2011-07-06 11:24:23 50808 ----a-w- C:\Windows\System32\drivers\SeratoUsb.sys
    2011-07-06 07:42:48 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2011-07-06 07:41:39 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
    2011-07-06 07:39:22 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\Autodesk
    2011-07-06 07:39:22 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Autodesk
    2011-07-06 07:39:22 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
    2011-07-06 07:39:22 -------- d-----w- C:\Program Files\AutoCAD 2010
    2011-07-06 02:09:16 -------- d-----w- C:\Users\Lctalavera\AppData\Local\CrashRpt
    2011-07-05 18:23:30 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Activision
    2011-07-05 15:49:35 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-07-05 12:00:46 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2011-07-04 18:54:22 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2011-07-04 12:52:07 -------- d-----w- C:\ProgramData\Alienware
    2011-07-04 12:42:40 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CD0066EE-9066-4256-B022-09603A114FE1}\gapaengine.dll
    2011-07-04 12:21:31 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA4D1F67-1AC9-4EB9-AC8B-FA8286543AC8}\mpengine.dll
    2011-07-04 12:08:42 -------- d-----w- C:\Downloads
    2011-07-04 12:08:25 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\BITS
    2011-07-04 12:08:17 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\FlashGet
    2011-07-04 12:08:14 -------- d-----w- C:\Users\Lctalavera\AppData\Roaming\FlashGetBHO
    2011-07-04 12:08:11 -------- d-----w- C:\Program Files (x86)\FlashGet Network
    2011-07-04 12:06:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-07-04 12:06:09 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-07-04 12:04:23 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
    2011-07-03 07:13:13 -------- d-----w- C:\Music
    2011-07-03 04:04:59 -------- d-----w- C:\Games
    2011-07-03 03:57:24 61440 ----a-r- C:\Users\Lctalavera\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
    2011-07-03 03:57:24 61440 ----a-r- C:\Users\Lctalavera\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
    2011-07-03 03:57:22 -------- d-----w- C:\Program Files (x86)\Serato
    2011-07-03 03:56:28 -------- d-----w- C:\Windows\Downloaded Installations
    2011-07-02 17:55:26 -------- d-----w- C:\_ScratchLIVE_ 1
    2011-07-02 17:46:32 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2011-07-02 17:42:28 -------- d-----w- C:\Users\Lctalavera\My Backup Files
    2011-07-02 17:41:52 -------- d-----w- C:\Users\Lctalavera\AppData\Local\SoftThinks
    2011-07-02 17:33:25 -------- d-----w- C:\_ScratchLive_ Backup
    2011-07-02 14:29:25 -------- d-----w- C:\DJ ALAM NA
    2011-07-02 10:11:36 -------- d-----w- C:\Program Files (x86)\StarCraft II
    2011-07-01 17:05:12 360960 ----a-w- C:\Windows\System32\AACACM.acm
    2011-06-30 17:05:53 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Electronic Arts
    2011-06-30 12:08:29 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Apps
    2011-06-25 03:53:31 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Apple Computer
    2011-06-25 03:53:03 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-06-25 03:53:03 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-06-25 03:53:03 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-06-25 03:52:52 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-06-25 03:52:52 -------- d-----w- C:\Program Files\iTunes
    2011-06-25 03:52:52 -------- d-----w- C:\Program Files\iPod
    2011-06-25 03:52:52 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-06-25 03:49:53 -------- d-----w- C:\Users\Lctalavera\AppData\Local\Apple
    2011-06-24 18:51:18 36352 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    .
    ==================== Find3M ====================
    .
    2011-07-04 12:08:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-06-10 14:11:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-18 19:00:00 222536 ----a-r- C:\Windows\tabctl32.ocx
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-30 17:24:51 4112 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 07:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 14:44:44 6533584 ----a-w- C:\Users\Lctalavera\XobniSetup.exe
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    .
    ============= FINISH: 20:48:00.82 ===============
     
  3. ramenstyle

    ramenstyle TS Rookie Topic Starter

    Sorry for the triple-post, another post needed to fit DDS' log:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/10/2011 11:18:17 AM
    System Uptime: 7/20/2011 8:09:58 PM (0 hours ago)
    .
    Motherboard: Alienware | |
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | CPU 1 | 1597/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 154.521 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    ==== System Restore Points ===================
    .
    RP114: 7/17/2011 9:36:32 PM - Installed DirectX
    RP115: 7/19/2011 4:17:57 PM - Installed Microsoft XNA Framework Redistributable 4.0
    RP116: 7/20/2011 2:13:36 PM - Installed WinZip 15.5
    RP117: 7/20/2011 5:07:19 PM - Windows Update
    RP118: 7/20/2011 5:36:48 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Illustrator CS5.1
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    Advertising Center
    Apple Application Support
    Apple Software Update
    Audacity 1.3.13 (Unicode)
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Citrix XenApp Web Plugin
    Command Center
    CyberLink PowerDVD 8
    CyberLink YouCam
    DAEMON Tools Lite
    Dead Space™ 2
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    DivX Player
    DivX Plus DirectShow Filters
    DivX Setup
    Dragon Age II
    Dropbox
    EA Download Manager
    F.lux
    Fable III
    FlashGet 3.3
    Google Chrome
    Google Update Helper
    HiJackThis
    Hitman Blood Money
    IDT Audio
    ImagXpress
    Installer
    Java Auto Updater
    Java(TM) 6 Update 26
    LAME v3.98.3 for Audacity
    Left 4 Dead 2
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Men of War: Assault Squad
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 4.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Morgan M-JPEG codec V3
    MSI Afterburner 2.2.0 Beta 5
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero Rescue Agent
    Nero StartSmart
    Nero StartSmart Help
    NeroExpress
    neroxml
    NVIDIA PhysX
    PDF Settings CS5
    QuickTime
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
    S.W.A.T. 4
    Sanctum
    Scratch Live 2.2.0 (22033)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.3
    SSF Realism Mod
    Steam
    SWAT 4 - The Stetchkov Syndicate
    Terraria
    Tunngle beta
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553975)
    VC80CRTRedist - 8.0.50727.4053
    Visual Studio 2008 x64 Redistributables
    WinRAR
    WinZip 15.5
    WinZip Courier
    Xfire (remove only)
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/20/2011 8:10:34 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    7/20/2011 7:27:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.XZ&threatid=2147625929 Name: VirTool:Win32/Obfuscator.XZ ID: 2147625929 Severity: Severe Category: Tool Path: containerfile:_C:\Users\Lctalavera\Downloads\Fable III Crack & Update ONLY-SKIDROW.rar;containerfile:_C:\Users\Lctalavera\Downloads\Fable.III-SKIDROW\sr-fable3.iso;file:_C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{17DD00F1-0B83-494C-92DF-2D42C239D63F}-paul.dll;file:_C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6797A614-29CA-4826-B6FA-5ED8A645EDA3}-paul.dll;file:_C:\Users\Lctalavera\AppData\Roaming\Microsoft\Windows\Recent\Fable III Crack & Update ONLY-SKIDROW.lnk;file:_C:\Users\Lctalavera\AppData\Roaming\Microsoft\Windows\Recent\sr-fable3.lnk;file:_C:\Users\Lctalavera\Downloads\Fable III Crack & Update ONLY-SKIDROW.rar->SKIDROW\paul.dll;file:_C:\Users\Lctalavera\Downloads\Fable.III-SKIDROW\sr-fable3.iso->SKIDROW\paul.dll Detection Origin: Local machine Detection Type: Heuristics Detection Source: User User: VINCE-LAPTOP\Lctalavera Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x800700df Error description: The file size exceeds the limit allowed and cannot be saved. Signature Version: AV: 1.107.2139.0, AS: 1.107.2139.0, NIS: 9.196.0.0 Engine Version: AM: 1.1.7000.0, NIS: 2.0.5854.0
    7/17/2011 5:11:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
    7/17/2011 5:10:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio service, but this action failed with the following error: An instance of the service is already running.
    7/17/2011 5:10:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/17/2011 5:09:45 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    7/17/2011 2:10:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    7/17/2011 2:07:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/17/2011 2:07:24 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/17/2011 2:07:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/17/2011 2:07:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/17/2011 2:07:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/17/2011 2:07:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx Wanarpv6 WfpLwf
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The TunngleService service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/17/2011 2:07:02 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/14/2011 3:39:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1567.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x80072ee2 Error description: The operation timed out
    7/14/2011 3:02:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB973685).
    7/13/2011 4:29:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    7/13/2011 4:29:54 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/13/2011 4:21:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {9C0BA3C1-2B67-45EB-BF69-BED9658D28D2} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
    7/13/2011 12:34:40 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I will attempt to find out where the 'hijack' is coming from.

    Thank you. Many don't bother going back and doing this. It is much appreciated as we don't 'screen' for malware using HijackThis..
    =============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    These 2 processes are from the W32/SillyFD-V worm. This infection is commonly, but not always, seen in a users Application Data path
    O4 - HKCU\..\Run: [MSWUpdate] "C:\Users\Lctalavera\AppData\Roaming\svchost.exe"
    O4 - HKCU\..\Run: [Windows Host] C:\Users\Lctalavera\AppData\Roaming\svchost.exe

    They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    And the Microsoft Antimalware flagged VirTool:Win32/Obfuscator on 7/20 on a program that appears to have been pirated: Fable.III These are detections for programs that have had their purpose obfuscated to hinder analysis or detection by anti-virus scanners. They commonly employ a combination of methods including encryption, compression, anti-debugging and anti-emulation techniques.
    =======================================
    Mbam has removed some entries. We will find and remove others. If you are using a flash drive, it needs to be disinfected:
    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    There are 18 processes created on 7/20, the same date the logs were created. Of those, only 7 are for the security scans. There are also multiple files created in the two days before. You are using multiple file sharing programs. If you continue to use them, you will continue to get malware.
    ==================================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...