Hi, my computer keeps popping up with the MoneyPak virus. I can remove it temporarily by accessing the computer through another user and running Malwarebytes, but it recurs within a day or so. Below are my logs, any help appreciated. Andrew
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.27.05
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]
27/10/2013 15:48:35
mbam-log-2013-10-27 (15-48-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229231
Time elapsed: 10 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Andrew\AppData\Roaming\skype.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Andrew at 16:07:21 on 2013-10-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3004.1542 [GMT -4:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\ns8355.tmp
C:\Windows\system32\conhost.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\PEV.DAT
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\andrew\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:147
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:147
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://soem.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\14C6D28416D6262716 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\64F445A5D275946494 : DHCPNameServer = 192.168.100.4
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\84F6D656 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 44752]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-9 218176]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-4 15400]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-26 330960]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-10-11 70352]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2011-1-3 29744]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-10-11 2327248]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-9-5 3450368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-25 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-25 701512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-12-10 479224]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-3 116136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-25 22856]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-6-7 92112]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-10-26 13:55:40 -------- d--h--w- C:\VTRoot
2013-10-26 13:55:38 2144 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-10-26 03:04:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-26 03:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-20 23:12:35 -------- d-----w- c:\users\andrew\appdata\local\calibre-cache
2013-10-13 23:42:33 -------- d-----w- c:\program files\common files\COMODO
2013-10-04 08:15:04 15400 ----a-w- c:\windows\system32\drivers\hmd.sys
2013-09-30 16:01:09 737280 ----a-w- c:\windows\iun6002.exe
2013-09-30 15:57:29 -------- d-----w- c:\program files\AAZV Collected Proceedings 1968-2013
.
==================== Find3M ====================
.
2013-10-04 08:15:04 15400 ----a-w- c:\windows\inf\hmd\hmd.sys
2013-09-24 10:54:08 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54:08 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54:07 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53:51 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-09-11 03:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-05 09:35:06 55504 ----a-w- c:\windows\system32\offreg.dll
2013-08-03 01:21:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-03 01:21:57 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
============= FINISH: 16:07:51.40 ===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.27.05
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]
27/10/2013 15:48:35
mbam-log-2013-10-27 (15-48-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229231
Time elapsed: 10 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Andrew\AppData\Roaming\skype.dat -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Andrew at 16:07:21 on 2013-10-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3004.1542 [GMT -4:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\ns8355.tmp
C:\Windows\system32\conhost.exe
C:\Users\Andrew\AppData\Local\Temp\nsvD625.tmp\PEV.DAT
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\andrew\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:147
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:147
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://soem.webex.com/client/T27LC/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\14C6D28416D6262716 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\64F445A5D275946494 : DHCPNameServer = 192.168.100.4
TCP: Interfaces\{E78E00BB-66CB-4C40-B91C-51BEFE20CDE2}\84F6D656 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\30.0.1599.101\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 44752]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-1-9 218176]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-4 15400]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-26 330960]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-10-11 70352]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2011-1-3 29744]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-10-11 2327248]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-9-5 3450368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-25 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-25 701512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-12-10 479224]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-5-20 59904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-3 116136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-25 22856]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-6-7 92112]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-10-26 13:55:40 -------- d--h--w- C:\VTRoot
2013-10-26 13:55:38 2144 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-10-26 03:04:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-26 03:04:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-20 23:12:35 -------- d-----w- c:\users\andrew\appdata\local\calibre-cache
2013-10-13 23:42:33 -------- d-----w- c:\program files\common files\COMODO
2013-10-04 08:15:04 15400 ----a-w- c:\windows\system32\drivers\hmd.sys
2013-09-30 16:01:09 737280 ----a-w- c:\windows\iun6002.exe
2013-09-30 15:57:29 -------- d-----w- c:\program files\AAZV Collected Proceedings 1968-2013
.
==================== Find3M ====================
.
2013-10-04 08:15:04 15400 ----a-w- c:\windows\inf\hmd\hmd.sys
2013-09-24 10:54:08 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-09-24 10:54:08 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-09-24 10:54:07 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-09-24 10:53:51 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-09-11 03:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-05 09:35:06 55504 ----a-w- c:\windows\system32\offreg.dll
2013-08-03 01:21:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-03 01:21:57 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
============= FINISH: 16:07:51.40 ===============