TechSpot

I believe my system is infected! Logs "Pasted" for review

By TheSpunOne
Nov 13, 2011
  1. Greetings!

    I have gone through the 5 steps that are suggested as a start. I firmly believe that my system is infected, or something, but all the scans that I have done and that I can think of doing are saying it's clean. My system doesn't run smoothly. I have uninstalled everything I don't use, fixed the registry, run CCleaner and still no change. I would appreciate some advice and knowledge. I am not sure what to look for, or should I say what not to look for, in running these scans. The more I can learn the better off I'll be. I have attached the logs from the scans that I was instructed to do. Thank you in advance for your help and wisdom.

    Benji

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 9/3/2010 6:30:47 PM
    System Uptime: 11/12/2011 8:03:51 PM (9 hours ago)
    .
    Motherboard: ASRock | | G41M-GS
    Processor: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz | CPUSocket | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 10 GiB total, 0.761 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 456 GiB total, 293.494 GiB free.
    F: is FIXED (NTFS) - 58 GiB total, 27.828 GiB free.
    G: is FIXED (NTFS) - 54 GiB total, 47.251 GiB free.
    H: is CDROM (CDFS)
    L: is FIXED (NTFS) - 466 GiB total, 287.296 GiB free.
    M: is FIXED (NTFS) - 466 GiB total, 419.965 GiB free.
    N: is FIXED (NTFS) - 466 GiB total, 465.61 GiB free.
    O: is FIXED (NTFS) - 466 GiB total, 465.611 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Linksys Wireless-G PCI Adapter
    Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&2C30955E&0&00F0
    Manufacturer: Linksys, A Division of Cisco Systems, Inc.
    Name: Linksys Wireless-G PCI Adapter
    PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&2C30955E&0&00F0
    Service: rt61x64
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_03\4&1BA3C945&0&00E1
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_03\4&1BA3C945&0&00E1
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP150: 10/27/2011 3:00:13 AM - Windows Update
    RP151: 11/6/2011 8:36:50 PM - Scheduled Checkpoint
    RP28: 11/9/2011 2:27:44 AM - Windows Update
    RP152: 11/9/2011 3:00:14 AM - Windows Update
    RP153: 11/9/2011 9:43:17 AM - Installed Java(TM) 6 Update 29
    RP154: 11/11/2011 3:00:12 AM - Windows Update
    RP155: 11/12/2011 5:04:42 PM - Configured PowerDVD
    RP156: 11/12/2011 5:06:06 PM - Configured Power2Go
    RP157: 11/12/2011 5:08:13 PM - Configured LabelPrint
    RP158: 11/12/2011 5:10:19 PM - Configured PowerProducer
    RP159: 11/12/2011 5:11:41 PM - Configured PowerStarter
    RP160: 11/12/2011 5:42:33 PM - Windows Update
    RP161: 11/12/2011 5:57:26 PM - Removed Privatefirewall 7.0
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    ASRock IES
    ASRock InstantBoot
    ASRock OC Tuner
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DVD Flick 1.3.0.7
    FormatFactory 2.70
    Foxit Reader
    Free Video to MP3 Converter version 4.3.815
    Freecorder 4.02B Application
    Freecorder Toolbar
    G-Force
    Game Maker 8.0
    GameHouse Games Collection: Casino Island To Go
    GameHouse Games Collection: Hamsterball
    GameHouse Games Collection: Mad Caps
    GameHouse Games Collection: Trivia Machine
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Update Helper
    HijackThis 2.0.2
    Hoyle Slots 2011 (remove only)
    ImgBurn
    iPhone Explorer 2.112
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    K-Lite Mega Codec Pack 7.8.0
    LabSim
    LimeWire PRO 4.18.8
    Magic ISO Maker v5.4 (build 0239)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Masque IGT Slots Little Green Men
    Masque IGT Slots Texas Tea
    Masque IGT Slots Wolf Run
    Microsoft Expression Blend
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable Package
    Mozilla Firefox 7.0.1 (x86 en-US)
    Mozilla Thunderbird (3.1)
    Mp3tag v2.49
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    Notepad++
    Octoshape add-in for Adobe Flash Player
    QuickTime
    Ralink RT6x Wireless LAN Card
    Realtek Ethernet Controller Driver
    Roll
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    SoulSeek 157 NS 13e
    Spybot - Search & Destroy
    TeamViewer 6
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinSCP 4.3.3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/13/2011 5:48:25 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    11/12/2011 8:04:38 PM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
    11/12/2011 8:04:03 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
    11/12/2011 8:03:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:06:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:06:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/12/2011 7:06:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/12/2011 7:06:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/12/2011 7:06:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/12/2011 7:06:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr vmm Wanarpv6
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmm VWiFiFlt Wanarpv6 WfpLwf
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/12/2011 7:03:37 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/12/2011 7:00:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2607576).
    11/12/2011 6:58:10 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    11/12/2011 6:58:10 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    11/11/2011 8:01:20 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
    11/10/2011 9:52:49 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JDOGG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A3829E5D-31A3-4B9B-AEBB-8952943179EB}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by The SPun One at 5:48:34 on 2011-11-13
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2813.1649 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    E:\Windows\system32\wininit.exe
    E:\Windows\system32\lsm.exe
    E:\Windows\system32\svchost.exe -k DcomLaunch
    E:\Windows\system32\svchost.exe -k RPCSS
    E:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    E:\Windows\system32\svchost.exe -k netsvcs
    E:\Windows\system32\svchost.exe -k LocalService
    E:\Program Files\Sandboxie\SbieSvc.exe
    E:\Windows\system32\svchost.exe -k NetworkService
    E:\Windows\System32\spoolsv.exe
    E:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    E:\Program Files\Bonjour\mDNSResponder.exe
    E:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    E:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe
    E:\Windows\system32\taskhost.exe
    E:\Windows\system32\Dwm.exe
    E:\Windows\Explorer.EXE
    E:\Windows\system32\svchost.exe -k imgsvc
    E:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    E:\Windows\System32\hkcmd.exe
    E:\Windows\System32\igfxpers.exe
    E:\Program Files\Windows Sidebar\sidebar.exe
    E:\Program Files (x86)\Freecorder\FLVSrvc.exe
    E:\Program Files (x86)\AVG\AVG10\avgtray.exe
    E:\Program Files (x86)\iTunes\iTunesHelper.exe
    E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    E:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Windows\system32\SearchIndexer.exe
    E:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    E:\Program Files\Windows Media Player\wmpnetwk.exe
    E:\Windows\System32\svchost.exe -k LocalServicePeerNet
    E:\Windows\system32\DllHost.exe
    E:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    E:\Windows\system32\conhost.exe
    E:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    E:\Windows\system32\conhost.exe
    E:\Program Files (x86)\Mozilla Firefox\firefox.exe
    E:\Windows\System32\svchost.exe -k swprv
    E:\Windows\system32\DllHost.exe
    E:\Windows\system32\DllHost.exe
    E:\Windows\SysWOW64\cmd.exe
    E:\Windows\system32\conhost.exe
    E:\Windows\SysWOW64\cscript.exe
    E:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    uRun: [googletalk] E:\Users\The SPun One\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [SpybotSD TeaTimer] E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SandboxieControl] "E:\Program Files\Sandboxie\SbieCtrl.exe"
    mRun: [Freecorder FLV Service] "E:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [AVG_TRAY] E:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: E:\Users\THESPU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - E:\Program Files (x86)\MagicDisc\MagicDisc.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - E:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{0717F876-376C-46F5-A7D3-385527E387BF} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{A3829E5D-31A3-4B9B-AEBB-8952943179EB} : NameServer = 192.168.0.1,205.171.3.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - E:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - E:\Program Files (x86)\Freecorder\tbFre1.dll
    mRun-x64: [Freecorder FLV Service] "E:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun-x64: [AVG_TRAY] E:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [APSDaemon] "E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - E:\Users\The SPun One\AppData\Roaming\Mozilla\Firefox\Profiles\t20ktzcj.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: E:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: E:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
    FF - component: E:\Users\The SPun One\AppData\Roaming\Mozilla\Firefox\Profiles\t20ktzcj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: E:\Users\The SPun One\AppData\Roaming\Mozilla\Firefox\Profiles\t20ktzcj.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: E:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: E:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: E:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: e:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: E:\Users\The SPun One\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;E:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> E:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;E:\Windows\system32\DRIVERS\avgrkx64.sys --> E:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;E:\Windows\system32\DRIVERS\avgldx64.sys --> E:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;E:\Windows\system32\DRIVERS\avgmfx64.sys --> E:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;E:\Windows\system32\DRIVERS\avgtdia.sys --> E:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;E:\Windows\system32\DRIVERS\vwififlt.sys --> E:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 OrbisClient.Services;LabSim Configuration and Security;E:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]
    R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-11 1153368]
    R2 TeamViewer6;TeamViewer 6;E:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-30 2358656]
    R3 AVGIDSDriver;AVGIDSDriver;E:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> E:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;E:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> E:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 SbieDrv;SbieDrv;E:\Program Files\Sandboxie\SbieDrv.sys [2011-10-12 157824]
    S2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;E:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 136176]
    S3 gupdatem;Google Update Service (gupdatem);E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 136176]
    S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;E:\Windows\system32\DRIVERS\netr7364.sys --> E:\Windows\system32\DRIVERS\netr7364.sys [?]
    S3 osppsvc;Office Software Protection Platform;E:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;E:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> E:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;E:\Windows\system32\DRIVERS\Rt64win7.sys --> E:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 StorSvc;Storage Service;E:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;E:\Windows\system32\drivers\tsusbflt.sys --> E:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;E:\Windows\system32\Drivers\usbaapl64.sys --> E:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;E:\Windows\system32\Wat\WatAdminSvc.exe --> E:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;E:\Windows\system32\DRIVERS\wdcsam64.sys --> E:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-13 01:43:00 -------- d-----w- E:\Program Files (x86)\Trend Micro
    2011-11-12 23:09:09 -------- d-----w- E:\Users\The SPun One\Cyberlink
    2011-11-09 06:58:06 886784 ----a-w- E:\Program Files\Common Files\System\wab32.dll
    2011-11-09 06:58:06 708608 ----a-w- E:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 06:58:05 1923952 ----a-w- E:\Windows\System32\drivers\tcpip.sys
    2011-11-09 06:58:04 3144704 ----a-w- E:\Windows\System32\win32k.sys
    2011-10-25 23:31:44 255552 ----a-w- E:\Windows\SysWow64\drivers\mcdbus.sys
    2011-10-25 23:31:44 255552 ----a-w- E:\Windows\System32\drivers\mcdbus.sys
    2011-10-25 23:31:42 -------- d-----w- E:\Program Files (x86)\MagicDisc
    2011-10-25 06:08:05 -------- d-----r- E:\Sandbox
    2011-10-25 06:06:20 -------- d-----w- E:\Program Files\Sandboxie
    2011-10-22 20:41:06 -------- d-----w- E:\Program Files\iPod
    2011-10-22 20:41:05 -------- d-----w- E:\Program Files\iTunes
    2011-10-22 20:41:05 -------- d-----w- E:\Program Files (x86)\iTunes
    2011-10-22 20:33:49 -------- d-----w- E:\Program Files\Bonjour
    2011-10-22 20:33:49 -------- d-----w- E:\Program Files (x86)\Bonjour
    2011-10-21 04:33:33 -------- d-----w- E:\Program Files (x86)\Common Files\Wise Installation Wizard
    2011-10-19 05:16:04 -------- d-----w- E:\Program Files\WDCSAM
    2011-10-17 00:55:32 18139008 ----a-w- E:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
    .
    ==================== Find3M ====================
    .
    2011-10-03 11:06:03 472808 ----a-w- E:\Windows\SysWow64\deployJava1.dll
    2011-09-01 05:24:07 2309120 ----a-w- E:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- E:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- E:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- E:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- E:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- E:\Windows\SysWow64\mshtml.tlb
    2011-08-31 23:00:50 25416 ----a-w- E:\Windows\System32\drivers\mbam.sys
    2011-08-31 04:05:32 96104 ----a-w- E:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- E:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- E:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- E:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- E:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- E:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- E:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- E:\Windows\SysWow64\dnssdX.dll
    2011-08-27 23:36:10 404640 ----a-w- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-27 05:37:49 861696 ----a-w- E:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- E:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- E:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- E:\Windows\SysWow64\oleacc.dll
    2011-08-17 05:26:46 613888 ----a-w- E:\Windows\System32\psisdecd.dll
    2011-08-17 05:25:08 108032 ----a-w- E:\Windows\System32\psisrndr.ax
    2011-08-17 04:24:12 465408 ----a-w- E:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:19:27 75776 ----a-w- E:\Windows\SysWow64\psisrndr.ax
    .
    ============= FINISH: 5:49:04.65 ===============

    mbam-log.txt

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8149

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    11/13/2011 5:30:31 AM
    mbam-log-2011-11-13 (05-30-31).txt

    Scan type: Quick scan
    Objects scanned: 174813
    Time elapsed: 3 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    gmer.log

    **That log appears to be blank**
     
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Never mess with the registry.

    What are the issues?
     
Topic Status:
Not open for further replies.
