Resolved Help me about this malware: C:\Windows\assembly\temp\kwrd.dll

Status
Not open for further replies.
D

dnomhcir

I'm using VIPRE PREMIUM ANTIVIRUS. kwrd.dll & desktop.ini keeps appearing.
My Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122701

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

12/27/2011 4:13:32 PM
mbam-log-2011-12-27 (16-13-32).txt

Scan type: Quick scan
Objects scanned: 207872
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svflooje (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\6669 (Trojan.Agent.BH) -> Value: 6669 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ONETWO\Description (Trojan.Agent) -> Value: Description -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe, svdhalp.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\local settings\Temp\pifoubsafwo.bat (Trojan.Agent.BH) -> Quarantined and deleted successfully.
c:\Windows\System32\backup_account.exe (Trojan.Bat.Disabler) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe.ini311 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe.ini458 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe686 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\svdhalp.exe738 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\backup_account.exe (Trojan.Bat.Disabler) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\svdhalp.exe.ini311 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\svdhalp.exe.ini458 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\svdhalp.exe686 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\svdhalp.exe738 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svflooje.exe43 (Spyware.Password) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svflooje.exe43 (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\SOLAR\AppData\Local\Temp\006657d1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\015d73bf.tmp (Spyware.Password) -> Quarantined and deleted successfully.
c:\Windows\Temp\015db5fc.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\0165dc9f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\nvidia corporation\Update\daemonupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\syskey2i.drv (Trojan.Spybot) -> Quarantined and deleted successfully.



==GMER==
no results

==DDS==

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by SOLAR at 16:46:01 on 2011-12-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1783.530 [GMT 8:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\SOLAR\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Users\SOLAR\Downloads\Compressed\I-Hacks\Hotspot_Shield_2.18_powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE\Hotspot Shield.exe
C:\Users\SOLAR\Downloads\Compressed\I-Hacks\Hotspot_Shield_2.18_powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE\app\bin\openvpn-gui.exe
C:\Users\SOLAR\Downloads\Compressed\I-Hacks\Hotspot_Shield_2.18_powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE\app\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Users\SOLAR\Downloads\Compressed\I-Hacks\Hotspot_Shield_2.18_powered_by_Portable_Openvpn_2.1_DEC_2,_2011-GLOBE\data\config\FINGER.exe
C:\Users\SOLAR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.autocompletepro.com/?si=10211&bi=400
uStart Page = hxxp://fb.com/
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10211&bi=400
uSearch Bar = hxxp://search.autocompletepro.com/?si=10211&bi=400
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://start.facemoods.com/?a=xnd&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
uRun: [<NO NAME>]
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [F.lux] "C:\Users\SOLAR\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\gupdate.exe /app 2EF345EF00EA6B4904B1BF311B6E7EAA
mExplorerRun: [6669] C:\PROGRA~3\LOCALS~1\Temp\pifoubsafwo.bat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{3F17E23F-E133-426B-B6AC-B0E6F59DAA4A} : NameServer = 10.62.40.1
TCP: Interfaces\{50808393-2F5A-4841-82C4-A3DE7BD7836A} : NameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{D68778AA-943C-4F57-99AE-2D956DEBCF76} : NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{F47A9EFB-F477-42F6-837E-49FC9C43E7DB} : NameServer = 10.3.16.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
IFEO: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: acrotray.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: connectify.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: generatelogs.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: troubleshooter.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
mRun-x64: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
IFEO-X64: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: acrotray.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: connectify.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: generatelogs.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: troubleshooter.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SOLAR\AppData\Roaming\Mozilla\Firefox\Profiles\6t79tltg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - fb.com
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8000
FF - prefs.js: network.proxy.gopher - sneakme.net
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8000
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8000
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Users\SOLAR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\SOLAR\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\SOLAR\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Users\SOLAR\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\SOLAR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\SOLAR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\system32\DRIVERS\cnnctfy2.sys --> C:\Windows\system32\DRIVERS\cnnctfy2.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-8-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-9 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-9 8456]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
.
=============== Created Last 30 ================
.
2011-12-27 08:27:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-27 08:27:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-27 08:27:27 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-27 08:27:27 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-27 08:03:21 -------- d-----w- C:\Users\SOLAR\AppData\Roaming\Malwarebytes
2011-12-27 08:02:47 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-27 08:02:43 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-27 08:02:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-26 15:22:49 -------- d-----w- C:\Windows\SysWow64\SupportAppXL
2011-12-24 03:06:17 -------- d-----we C:\Windows\system64
2011-12-22 06:10:57 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-12-22 06:10:57 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-12-22 06:10:53 35648 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-12-22 06:10:53 28992 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-12-18 02:21:03 0 ---ha-w- C:\Users\SOLAR\AppData\Local\BIT7FAF.tmp
2011-12-14 12:56:36 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2011-12-14 12:56:36 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2011-12-14 12:56:36 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2011-12-14 12:56:36 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2011-12-14 12:56:34 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2011-12-14 12:56:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2011-12-14 12:51:19 -------- d-----w- C:\Users\SOLAR\AppData\Local\Skyrim
2011-12-14 12:33:04 -------- d-----w- C:\Users\SOLAR\AppData\Roaming\Ubisoft
2011-12-10 22:42:01 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2011-12-10 22:42:01 246224 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2011-12-10 22:42:01 117504 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2011-12-10 22:42:01 114304 ----a-w- C:\Windows\System32\drivers\ewusbdev.sys
2011-12-09 12:11:13 -------- d-----w- C:\Users\SOLAR\AppData\Roaming\.minecraft
2011-12-07 07:37:00 -------- d-----w- C:\ch2_oop
2011-11-28 01:30:36 0 ---ha-w- C:\Users\SOLAR\AppData\Local\BIT48E2.tmp
2011-11-27 11:23:25 -------- d-----w- C:\Program Files (x86)\Globe Broadband
2011-11-27 11:12:38 -------- d-----w- C:\ProgramData\Mobile Partner
2011-11-27 11:08:52 1721576 ----a-r- C:\Windows\System32\drivers\WdfCoInstaller01009.dll
.
==================== Find3M ====================
.
2011-12-14 11:47:06 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-11-26 19:31:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-12 13:55:44 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-11-12 13:55:43 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-11-12 13:55:43 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-11-12 13:55:43 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-10-23 18:46:04 53800 ----a-w- C:\Windows\System32\drivers\btusbflt.sys
2011-10-20 23:26:22 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2011-10-06 23:24:55 325305 ----a-w- C:\ProgramData\bdinstall.bin
2011-10-05 21:14:46 502 ----a-w- C:\ProgramData\1317849286.bdinstall.bin
2011-10-05 21:14:26 502 ----a-w- C:\ProgramData\1317849266.bdinstall.bin
2011-10-05 21:14:10 502 ----a-w- C:\ProgramData\1317849241.bdinstall.bin
2011-10-03 13:21:39 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-09-02 05:03:28 730192 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
.
============= FINISH: 16:47:28.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/8/2010 8:09:37 AM
System Uptime: 12/27/2011 4:15:47 PM (0 hours ago)
.
Motherboard: Acer | | ZQ8
Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 97.307 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 319 GiB total, 61.74 GiB free.
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Sunbelt Software Firewall NDIS IM Filter Miniport
Device ID: ROOT\SB_SBFWIMCLMP\0006
Manufacturer: Sunbelt Software, Inc.
Name: Sunbelt Software Firewall NDIS IM Filter Miniport #71
PNP Device ID: ROOT\SB_SBFWIMCLMP\0006
Service: SBFWIMCL
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP134: 12/10/2011 6:26:20 AM - Scheduled Checkpoint
RP135: 12/14/2011 8:54:47 PM - Installed DirectX
RP136: 12/26/2011 11:22:15 PM - Installed PLDT Weroam PLUS
RP137: 12/27/2011 12:21:33 AM - Removed PLDT Weroam PLUS
RP138: 12/27/2011 4:34:26 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acer Crystal Eye Webcam Video Class Camera
Adobe Acrobat Distiller 6.0
Adobe Flash Player 10 ActiveX
Adobe PageMaker 7.0
Adobe Reader 8.3.1
Akamai NetSession Interface
Akamai NetSession Interface Service
Alcor Micro USB Card Reader
Angry Birds
Angry Birds Rio
Angry Birds Seasons
Apple Software Update
Atheros Client Installation Program
Bid For Power
Cheat Engine 6.0
Common
Contents
DeviceIO
DivX Setup
Driver Reviver
EASEUS Partition Master 6.5.2 Home Edition
F.lux
Facebook Video Calling 1.0.0.8953
Fiddler2
Free YouTube Downloader 3.3.115
Game Booster 3
Garena Plus
Globe Broadband
Google Chrome
Google Talk Plugin
Google Update Helper
ICA
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
IPM_VS_Pro
ISCOM
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7
Java(TM) SE Development Kit 7
Machinarium
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
magicJack
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SOAP Toolkit 3.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 6.0 (x86 en-US)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed™ Carbon
Need For Speed™ World
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Notepad++
NVIDIA PhysX
OpenAL
OpenVPN 2.2-RC2
Opera 11.00 beta build 1111
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Portal
PureHD
Python 2.5.4
QuickTime
Realtek High Definition Audio Driver
RockMelt
San Andreas Mod Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Setup
Share
Skype Click to Call
Skype™ 5.5
SmartSound Common Data
SmartSound Quicktracks 5
SopCast 3.4.0
Spiral Knights
Steam
System Requirements Lab
Team Fortress 2
TINcan Race version v1.0.0.1
TouchRemote Server
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC80CRTRedist - 8.0.50727.6195
VIO
VIPRE Antivirus Premium
VLC media player 1.1.11
VSClassic
VSPro
Winamp
Winamp Detector Plug-in
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/27/2011 4:44:08 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/27/2011 4:17:39 PM, Error: Service Control Manager [7022] - The VIPRE Antivirus Premium service hung on starting.
12/27/2011 4:16:08 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/27/2011 4:16:08 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/27/2011 4:16:08 PM, Error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The system cannot find the path specified.
12/27/2011 4:16:08 PM, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the path specified.
12/27/2011 4:16:08 PM, Error: Service Control Manager [7000] - The Hotspot Shield Monitoring Service service failed to start due to the following error: The system cannot find the path specified.
12/27/2011 4:16:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/27/2011 3:24:33 PM, Error: Service Control Manager [7000] - The svflooje service failed to start due to the following error: The system cannot find the file specified.
12/27/2011 1:20:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
12/27/2011 1:20:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The TuneUp Theme Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/27/2011 1:18:16 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2011 7:15:30 AM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 2 time(s).
12/24/2011 7:15:22 AM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2011 7:14:49 AM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 1 time(s).
12/24/2011 7:14:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/24/2011 7:10:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management & Security Application User Notification Service service to connect.
12/24/2011 7:10:17 AM, Error: Service Control Manager [7000] - The Intel(R) Management & Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 7:09:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/24/2011 7:09:15 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 7:08:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
12/24/2011 7:08:29 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 7:07:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
12/24/2011 7:07:43 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 7:06:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
12/24/2011 7:04:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/24/2011 7:03:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
12/24/2011 7:03:50 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 1:45:42 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
12/24/2011 1:44:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the svflooje service to connect.
12/24/2011 1:44:18 PM, Error: Service Control Manager [7000] - The svflooje service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2011 1:43:53 PM, Error: Service Control Manager [7030] - The svflooje service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/24/2011 1:43:50 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/23/2011 8:51:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Connectify service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/23/2011 8:51:26 PM, Error: Service Control Manager [7031] - The Connectify service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Welcome to TechSpot! There is still malware on the system.

It would be helpful if you gave me description of the problems. Is the kwrd.dll file the only problem you notice?

Let's run the following first:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

I will follow with other specific scans after I reveiw that log. Please leave log in next reply.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
uhm.

uhm. i've already used system restore.. and the virus stop showing..
should i scan the whole drive?

i've used system restore 'cause the system already failed to boot up.
 
The instructions tell you not to do a System Restore.
You were asked to tell us of any new problems.

If the problem returns, start a new thread and follow the directions.

This thread is closed.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
795
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back