TechSpot

I think I might have a virus...

By Craig Tyler
Oct 21, 2012
  1. Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.21.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    supernatural :: SUPERNATURAL-PC [administrator]

    10/21/2012 2:39:44 PM
    mbam-log-2012-10-21 (14-39-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234351
    Time elapsed: 11 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)
     
  2. Craig Tyler

    Craig Tyler TS Rookie Topic Starter

    DDS (Ver_2012-10-19.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by supernatural at 16:06:17 on 2012-10-21
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.55 [GMT -7:00]
    .
    AV: Charter Security Suite 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Charter Security Suite 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Charter Security Suite 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Acer\Registration\GregHSRW.exe
    C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
    C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PLFSetI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Charter Security Suite\Common\FSM32.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\supernatural\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b50810r705l0444ww85w6582r986
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\supernatural\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [lime pro] "c:\program files\lime pro\LimePro.exe" -h
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\supern~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\0484F6D65683136434 : DHCPNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\3435553524D2143434543535 : DHCPNameServer = 139.182.2.1 139.182.2.6
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\3435553524D27457563747 : DHCPNameServer = 139.182.2.1 139.182.2.6
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\75164737F6E6 : DHCPNameServer = 68.190.192.35 71.9.127.107 68.116.46.115
    TCP: Interfaces\{CA4A6D69-CA4A-4C42-A398-656976B2D87D}\E4544574541425 : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\supernatural\appdata\roaming\mozilla\firefox\profiles\wjkb1sf8.default\
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\supernatural\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\supernatural\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2012-10-07 21:42; litmus-ff@f-secure.com; c:\program files\charter security suite\nrs\litmus-ff@f-secure.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-9-26 44240]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2012-9-26 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-9-26 36792]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-9-26 73160]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\charter security suite\anti-virus\minifilter\fsvista.sys [2012-9-26 12384]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2012-9-26 144592]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-2-10 54784]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-2-10 82384]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-5-20 34376]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2012-9-26 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2012-9-26 25184]
    .
    =============== Created Last 30 ================
    .
    2012-10-21 21:37:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-21 21:37:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-19 23:32:48 6918632 ------w- c:\programdata\microsoft\windows defender\definition updates\{8edaf1e9-ab9b-4d55-a0aa-ae6999224099}\mpengine.dll
    2012-10-14 17:58:26 -------- d-----w- c:\users\supernatural\appdata\roaming\F-Secure
    2012-10-13 10:16:30 -------- d-----w- C:\Bone Thugs
    2012-10-13 09:56:06 -------- d-----w- c:\program files\Media Player Utilities 4.36
    2012-10-10 06:05:55 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 06:05:35 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 06:03:34 1159680 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 06:03:32 140288 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 06:03:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 06:02:32 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 06:02:25 542208 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 06:02:04 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 06:02:01 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-09-26 23:35:49 -------- d-----w- c:\users\supernatural\appdata\local\Macromedia
    2012-09-26 22:23:33 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-26 22:23:33 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-26 22:22:17 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-09-26 22:22:15 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2012-09-26 22:21:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-26 22:21:32 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-09-26 22:21:26 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-26 22:21:25 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-26 22:21:25 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-26 22:21:03 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-09-26 22:14:34 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-09-26 22:07:53 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-09-26 22:07:27 2342400 ----a-w- c:\windows\system32\msi.dll
    2012-09-26 22:07:09 490496 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-26 22:06:58 102912 ----a-w- c:\windows\system32\browser.dll
    2012-09-26 22:06:57 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-09-26 22:06:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-09-26 22:06:44 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-09-26 22:06:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-09-26 21:51:53 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2012-09-26 21:48:00 36792 ----a-w- c:\windows\system32\drivers\fses.sys
    2012-09-26 21:47:54 73160 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2012-09-26 21:43:49 -------- d-----w- c:\program files\Charter Security Suite
    2012-09-26 21:38:11 -------- d-----w- c:\programdata\fssg
    2012-09-26 21:35:22 -------- d-----w- c:\programdata\f-secure
    2012-09-26 21:19:15 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-09-26 21:16:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-09-26 21:13:21 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-09-26 21:13:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-10-09 10:12:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 10:12:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 16:10:22.54 ===============
     
  3. Craig Tyler

    Craig Tyler TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/19/2010 2:27:09 PM
    System Uptime: 10/21/2012 9:22:22 AM (7 hours ago)
    .
    Motherboard: Acer | | AO532h
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU | 1666/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 100.982 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP432: 10/7/2012 10:17:21 AM - Windows Update
    RP433: 10/9/2012 3:00:24 AM - Windows Update
    RP434: 10/12/2012 8:45:18 AM - Windows Update
    RP435: 10/13/2012 2:54:54 AM - Installed Media Player Utilities 4.36
    RP436: 10/13/2012 2:58:46 AM - Installed Microsoft Visual C++ 2005 Redistributable
    RP437: 10/13/2012 2:59:04 AM - Device Driver Package Install: Actions Semiconductor Co., LTD Universal Serial Bus controllers
    RP438: 10/13/2012 3:01:11 AM - Windows Update
    RP439: 10/14/2012 9:47:07 AM - Windows Update
    RP440: 10/15/2012 4:05:20 AM - Windows Update
    RP441: 10/16/2012 9:36:15 AM - Windows Update
    RP442: 10/18/2012 3:00:18 AM - Windows Update
    RP443: 10/20/2012 3:01:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acer Assist
    Acer Crystal Eye webcam Ver:1.1.159.203
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2 MUI
    Apple Mobile Device Support
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon My Printer
    Charter Security Suite
    Compatibility Pack for the 2007 Office system
    eBay Worldwide
    ENE USB Card Reader Driver
    eSobi v2
    F-Secure PSC Prerequisites
    Free M4a to MP3 Converter 6.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Identity Card
    IHA_MessageCenter
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.65.1.1000
    Media Player Utilities 4.36
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access Runtime (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 16.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MyWinLocker
    Norton Online Backup
    OGA Notifier 2.0.0048.0
    Opera 10.62
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Skype Toolbars
    Skype™ 5.10
    STEELE Mutual Fund Expert
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2012 1:50:26 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.13. The computer with the IP address 192.168.0.10 did not allow the name to be claimed by this computer.
    10/21/2012 1:50:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/20/2012 3:08:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
    10/20/2012 12:05:57 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
    10/20/2012 12:03:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82252e66, 0xa9733b90, 0xa9733770). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102012-20217-01.
    10/19/2012 9:02:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the F-Secure Gatekeeper Handler Starter service.
    10/19/2012 4:37:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
    10/18/2012 3:08:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
    10/18/2012 11:08:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
    10/16/2012 9:45:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    10/16/2012 9:35:27 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
    10/16/2012 1:18:59 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.12. The computer with the IP address 192.168.0.11 did not allow the name to be claimed by this computer.
    10/14/2012 9:46:21 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.12 with the system having network hardware address FC-0F-E6-14-6F-7C. Network operations on this system may be disrupted as a result.
    10/14/2012 7:38:22 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.11 with the system having network hardware address 70-F1-A1-78-7C-E9. Network operations on this system may be disrupted as a result.
    10/14/2012 6:02:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/14/2012 3:06:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    I still need the GMER log.

    You're not saying what your computer issues are.
     
  5. Craig Tyler

    Craig Tyler TS Rookie Topic Starter

    The major problem I'm having is my computer loading slowly, becoming unresponsive for a minute or two before completely loading.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Ok
     
  7. Craig Tyler

    Craig Tyler TS Rookie Topic Starter

    It's too long to post. Do you mind if I attach it, or should I copy and paste parts of it and post it separately?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    In parts please.
     
Topic Status:
Not open for further replies.

