TechSpot

Plagued; an uphill battle with an unknown number of foes

Inactive
By Eagle Concepts
Nov 17, 2012
Topic Status:
Not open for further replies.
  1. Plagued; an uphill battle with an unknown number of foes

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.17.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    main :: C3ENIGMA [administrator]

    11/17/2012 8:35:54 PM
    mbam-log-2012-11-17 (20-35-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 495898
    Time elapsed: 23 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_31
    Run by main at 21:14:37 on 2012-11-17
    .
    ============== Running Processes ================
    .
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{2E67F1BB-FCF7-41D4-B26C-4F260D9C8A2F} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F378AB2E-D8A9-421B-A315-FC80F1ED3D71} : NameServer = 192.168.2.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\t1qy4gsk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Joystick Plugin\npjoystick.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npjoystick.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R? AtiDCM;AtiDCM
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? dmvsc;dmvsc
    R? MBAMProtector;MBAMProtector
    R? MBAMService;MBAMService
    R? MSICDSetup;MSICDSetup
    R? pbfilter;pbfilter
    R? Roxio UPnP Renderer 11;Roxio UPnP Renderer 11
    R? StorSvc;Storage Service
    R? TsUsbFlt;TsUsbFlt
    R? TsUsbGD;Remote Desktop Generic USB Device
    R? WatAdminSvc;Windows Activation Technologies Service
    S? AMD External Events Utility;AMD External Events Utility
    S? AMD FUEL Service;AMD FUEL Service
    S? amdide64;amdide64
    S? amdiox64;AMD IO Driver
    S? AtiHDAudioService;AMD Function Driver for HD Audio Service
    S? IntuitUpdateServiceV4;Intuit Update Service v4
    S? MBAMScheduler;MBAMScheduler
    S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
    S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
    S? RichVideo64;Cyberlink RichVideo64 Service(CRVS)
    S? RTL8167;Realtek 8167 NT Driver
    S? SBSDWSCService;SBSD Security Center Service
    S? usbfilter;AMD USB Filter Driver
    S? WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer
    .
    =============== Created Last 30 ================
    .
    2012-11-18 00:41:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-11-18 00:41:00 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-11-18 00:41:00 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-11-18 00:37:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-11-18 00:37:25 917984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2012-11-17 22:05:30 -------- d-sh--r- C:\bootwiz
    2012-11-17 21:37:06 96224 ----a-w- C:\nssdbm3_2.dll
    2012-11-17 21:22:21 816608 ----a-w- C:\mozsqlite3_4.dll
    2012-11-17 21:20:16 9113 ----a-w- C:\D887Dd01
    2012-11-17 21:20:16 12100 ----a-w- C:\26013d01
    2012-11-17 21:20:16 11867 ----a-w- C:\502DEd01
    2012-11-17 21:20:16 10657 ----a-w- C:\2467Ad01
    2012-11-17 21:20:15 13102 ----a-w- C:\D8A2Cd01
    2012-11-17 21:19:42 10648 ----a-w- C:\6722Cd01
    2012-11-17 20:46:13 36570 ----a-w- C:\A1355d01
    2012-11-17 19:08:15 43393 ----a-w- C:\378BBd01
    2012-11-17 19:04:21 15685 ----a-w- C:\07567d01
    2012-11-17 03:03:58 10688 ----a-w- C:\0230[1]_1.kmz
    2012-11-16 20:10:42 114688 ----a-w- C:\~DF117757AB3F17CDC3.TMP
    2012-11-16 19:55:40 114688 ----a-w- C:\~DFC22F4BFAEBBFFCAE.TMP
    2012-11-16 06:26:39 114688 ----a-w- C:\~DF0CD2BA876DB59115.TMP
    2012-11-16 06:11:37 114688 ----a-w- C:\~DF97A39E39178DAAD5.TMP
    2012-11-16 05:56:34 114688 ----a-w- C:\~DFEE9B70DC1BB137B5.TMP
    2012-11-16 05:30:30 13400986 ----a-w- C:\fla35BB.tmp
    2012-11-16 04:44:43 19670 ----a-w- C:\969252ce11249fdd.customDestinations-ms~RF29575394.TMP
    2012-11-16 04:25:27 114688 ----a-w- C:\~DFD2670CA30546D7CD.TMP
    2012-11-16 04:00:10 150732 ----a-w- C:\5DBD0d01
    2012-11-16 03:55:18 938 ----a-w- C:\F4C4Em01
    2012-11-16 03:52:58 5637 ----a-w- C:\655AFd01
    2012-11-16 03:52:08 5555 ----a-w- C:\D2EECd01_1
    2012-11-16 03:38:09 114688 ----a-w- C:\~DF9A6227E29C65AFF5.TMP
    2012-11-16 03:23:07 114688 ----a-w- C:\~DFFC1A26072C6F0A15.TMP
    2012-11-16 02:30:56 3642 ----a-w- C:\74d7f43c1561fc1e.customDestinations-ms~RFf9ff6.TMP
    2012-11-16 01:48:48 9659 ----a-w- C:\E437Cd01
    2012-11-16 00:33:48 305478 ----a-w- C:\309D3d01
    2012-11-15 23:54:06 -------- d-----w- C:\Users\main\AppData\Roaming\System
    2012-11-15 23:54:00 87552 ----a-w- C:\0.1103411556380407
    2012-11-15 23:35:26 13723 ----a-w- C:\3D907d01
    2012-11-15 23:05:38 114688 ----a-w- C:\~DF965E1949AC82BFFA.TMP
    2012-11-15 22:20:00 114688 ----a-w- C:\~DF89E989F98975ACD8.TMP
    2012-11-15 21:32:59 312178 ----a-w- C:\00E61d01
    2012-11-15 21:15:42 114688 ----a-w- C:\~DF2EA57873294291B2.TMP
    2012-11-15 21:00:41 114688 ----a-w- C:\~DFBCBE61F3602A0B03.TMP
    2012-11-15 20:15:24 114688 ----a-w- C:\~DFA8F817D91D29DCC9.TMP
    2012-11-15 19:47:24 39220 ----a-w- C:\FA5DBd01
    2012-11-15 19:26:08 317412 ----a-w- C:\1DF43d01
    2012-11-15 19:17:16 114688 ----a-w- C:\~DF97A3BB1DC58922C1.TMP
    2012-11-15 17:58:27 114688 ----a-w- C:\~DF768ED986A7536566.TMP
    2012-11-15 01:11:02 114688 ----a-w- C:\~DF8D48529BBD65EA93.TMP
    2012-11-14 23:13:08 114688 ----a-w- C:\~DF78E1066D1EDAF118.TMP
    2012-11-14 21:05:53 114688 ----a-w- C:\~DF8292E79C4678666C.TMP
    2012-11-14 20:36:16 114688 ----a-w- C:\~DFD90BF559106D2D18.TMP
    2012-11-14 16:49:11 114688 ----a-w- C:\~DF9478C783943EF0BB.TMP
    2012-11-14 15:42:25 12787 ----a-w- C:\110ECd01
    2012-11-14 05:49:16 114688 ----a-w- C:\~DF26F0AE7569F33938.TMP
    2012-11-14 05:10:15 306935 ----a-w- C:\76113d01
    2012-11-14 00:54:17 114688 ----a-w- C:\~DFCD2899453403089D.TMP
    2012-11-14 00:39:15 114688 ----a-w- C:\~DF7A9FF13DAD398BC6.TMP
    2012-11-14 00:01:42 100000 ----a-w- C:\052A4d01
    2012-11-13 22:20:16 114688 ----a-w- C:\~DF0BC056FD3E940765.TMP
    2012-11-13 22:05:13 114688 ----a-w- C:\~DF28AD56753C5F433D.TMP
    2012-11-13 17:25:55 2279 ----a-w- C:\9D6BEm01
    2012-11-13 16:45:14 114688 ----a-w- C:\~DF498EC8C7E67A7BCB.TMP
    2012-11-13 16:35:40 122350 ----a-w- C:\48725d01
    2012-11-13 16:30:12 114688 ----a-w- C:\~DF0BC58E82520CBF8C.TMP
    2012-11-13 07:22:39 6188 ----a-w- C:\7B280d01_1
    2012-11-13 01:36:01 114688 ----a-w- C:\~DF31A6BBC6103EB26B.TMP
    2012-11-13 01:08:11 114688 ----a-w- C:\~DF6610662BA6C5864A.TMP
    2012-11-12 21:27:23 114688 ----a-w- C:\~DF740EDB83F307E862.TMP
    2012-11-12 21:12:20 114688 ----a-w- C:\~DF356C3F006619831B.TMP
    2012-11-12 21:10:45 2469 ----a-w- C:\E190Cd01
    2012-11-12 19:51:22 114688 ----a-w- C:\~DFB7E4F7B71746B9D2.TMP
    2012-11-12 19:49:56 2109 ----a-w- C:\FA24Bd01_2
    2012-11-12 19:29:57 17745 ----a-w- C:\CB2D4d01
    2012-11-12 19:29:05 812 ----a-w- C:\614C2d01
    2012-11-12 19:28:41 9805 ----a-w- C:\B1900d01
    2012-11-12 19:28:11 4997 ----a-w- C:\80E4Dm01
    2012-11-12 19:25:22 8649 ----a-w- C:\40163d01
    2012-11-12 19:25:00 9233 ----a-w- C:\4194Ed01
    2012-11-12 19:24:51 4998 ----a-w- C:\3B335m01
    2012-11-12 19:24:50 5116 ----a-w- C:\355C8m01
    2012-11-12 19:18:36 1182 ----a-w- C:\A9B34d01
    2012-11-12 18:12:48 13266 ----a-w- C:\0F222d01
    2012-11-11 19:56:45 114688 ----a-w- C:\~DF3A5B7E10CF66A085.TMP
    2012-11-11 19:41:43 114688 ----a-w- C:\~DF9C9ACBC493BC28B1.TMP
    2012-11-11 17:47:57 114688 ----a-w- C:\~DFD3CEC2E447D65829.TMP
    2012-11-11 15:03:23 2277 ----a-w- C:\B87F8m01
    2012-11-11 12:31:48 1182 ----a-w- C:\A39D1d01
    2012-11-11 02:49:11 114688 ----a-w- C:\~DF95421B1F220FC477.TMP
    2012-11-11 00:28:14 56496 ----a-w- C:\BEAFCd01
    2012-11-10 22:48:36 114688 ----a-w- C:\~DF0EFCA2E9FF7237EE.TMP
    2012-11-10 22:33:34 114688 ----a-w- C:\~DFB3DA4A2DF2F4F36C.TMP
    2012-11-10 21:13:42 114688 ----a-w- C:\~DF0D2299436CB3C121.TMP
    2012-11-10 18:11:39 114688 ----a-w- C:\~DFF674CC3EC66EC934.TMP
    2012-11-10 17:56:37 114688 ----a-w- C:\~DFACE7BD745A086131.TMP
    2012-11-10 10:12:10 114688 ----a-w- C:\~DFC63D7D41F4988809.TMP
    2012-11-10 01:43:14 114688 ----a-w- C:\~DF99F31610752FDE0E.TMP
    2012-11-10 01:28:12 114688 ----a-w- C:\~DF7D5C36DD195FF2D2.TMP
    2012-11-10 00:37:23 114688 ----a-w- C:\~DF3AC360094F54C448.TMP
    2012-11-10 00:20:11 114688 ----a-w- C:\~DF97ED7BFCF5D9E977.TMP
    2012-11-09 23:36:48 114688 ----a-w- C:\~DF6EA02C3E9FF78AAD.TMP
    2012-11-09 23:15:01 114688 ----a-w- C:\~DF270703793FCF8F53.TMP
    2012-11-09 18:28:47 114688 ----a-w- C:\~DF8DE609C0709E5191.TMP
    2012-11-09 15:17:55 114688 ----a-w- C:\~DF16736B912B4C9907.TMP
    2012-11-09 14:57:03 6223 ----a-w- C:\D71C1d01
    2012-11-09 08:58:55 114688 ----a-w- C:\~DF3A850C425AD12E5B.TMP
    2012-11-09 06:01:14 275418 ----a-w- C:\TRUSTEDINSTALLER.EXE-3CC531E5.pf
    2012-11-09 04:07:06 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
    2012-11-09 01:00:08 114688 ----a-w- C:\~DFF5010467751EA981.TMP
    2012-11-08 23:59:52 5584811 ----a-w- C:\WERF071.tmp.hdmp
    2012-11-08 22:44:03 114688 ----a-w- C:\~DFA4AD0AFB9F81141A.TMP
    2012-11-08 21:51:03 114688 ----a-w- C:\~DF74FA0F23A9F974D6.TMP
    2012-11-08 20:40:33 114688 ----a-w- C:\~DF0390D85E260D071B.TMP
    2012-11-08 19:07:39 97442 ----a-w- C:\MCINFO.EXE-73BBFA2D.pf
    2012-11-08 17:03:18 114688 ----a-w- C:\~DF071E31D49F761A15.TMP
    2012-11-08 16:13:02 114688 ----a-w- C:\~DF828E8DA25833B959.TMP
    2012-11-08 03:09:52 196440 ----a-w- C:\Windows\System32\drivers\SET7DAE.tmp
    2012-11-08 02:08:46 114688 ----a-w- C:\~DF16597E058F1FA8CB.TMP
    2012-11-08 01:01:49 114688 ----a-w- C:\~DF12DEBDBAD1175697.TMP
    2012-11-07 22:31:20 114688 ----a-w- C:\~DF9CB6144E47386241.TMP
    2012-11-07 21:50:17 114688 ----a-w- C:\~DFE60EA20ED48791F3.TMP
    2012-11-07 20:55:06 114688 ----a-w- C:\~DF0E896531D93394C9.TMP
    2012-11-07 18:37:46 114688 ----a-w- C:\~DF081D0167290E305E.TMP
    2012-11-06 22:36:59 -------- d-----w- C:\Users\main\AppData\Local\fontconfig
    2012-11-06 22:36:58 -------- d-----w- C:\Users\main\AppData\Local\gegl-0.2
    2012-11-06 22:36:58 -------- d-----w- C:\Users\main\.gimp-2.8
    2012-11-06 22:30:28 -------- d-----w- C:\Program Files\GIMP 2
    2012-11-03 23:12:53 -------- d-----w- C:\Program Files (x86)\W3i, LLC
    2012-10-31 18:35:23 4 ----a-w- C:\FAPAD57.tmp
    2012-10-31 18:26:39 4 ----a-w- C:\FAPAE5E.tmp
    2012-10-27 19:10:52 33944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
    2012-10-27 19:10:52 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-10-27 19:10:52 17248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    2012-10-27 19:10:52 15872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npjoystick.dll
    2012-10-27 02:43:19 -------- d-----w- C:\Program Files\CCleaner
    2012-10-25 20:28:15 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
    .
    ==================== Find3M ====================
    .
    2012-11-17 21:37:11 1065 ----a-w- C:\Mozilla Firefox.lnk~RF3aed4.TMP
    2012-11-17 21:37:11 1053 ----a-w- C:\Mozilla Firefox.lnk~RF3aee4.TMP
    2012-11-17 20:56:41 105692 ----a-w- C:\Uninstall.exe.moz-delete
    2012-11-17 20:56:22 18237976 ----a-w- C:\Firefox Setup 16.0.2.exe
    2012-10-27 19:10:53 115168 ----a-w- C:\maintenanceservice.exe_1.moz-delete
    2012-10-24 17:50:41 155104 ----a-w- C:\softokn3_1.dll
    2012-10-24 17:50:38 115168 ----a-w- C:\maintenanceservice.exe.moz-delete
    2012-10-11 21:32:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-11 21:32:10 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-11 03:15:03 1656 ----a-w- C:\Windows\System32\ASOROSet.bin
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-14 06:08:17 84952 ----a-w- C:\Windows\System32\drivers\9d5a3c1.sys
    2012-09-05 14:25:38 19384 ----a-w- C:\Windows\System32\roboot64.exe
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 21:15:07.09 ===============


    ATTACH
    .
    ==== Installed Programs ======================
    .
    µTorrent
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AMD APP SDK Runtime
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    Art Effects for PDR10
    ATI AVIVO64 Codecs
    ATI Catalyst Install Manager
    BleachBit
    Blender
    Cardiris Pro 5
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Desktop
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CyberLink PowerDirector 10
    CyberLink WaveEditor
    Data Lifeguard Diagnostic for Windows 1.24
    Electronics Assistant V4.2
    FileZilla Client 3.5.3
    GIMP 2.8.2
    Google Earth
    Google Update Helper
    GQ USB Programmer
    Hewlett-Packard ACLM.NET v1.1.0.0
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Product Detection
    HP Update
    HPDiagnosticAlert
    HydraVision
    I.R.I.S. OCR
    ImgBurn
    Japanese Fonts Support For Adobe Reader X
    Java Auto Updater
    Java(TM) 6 Update 31
    JMicron JMB36X Driver
    Joystick Plug-in
    Living Marine Aquarium 2
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Combat Flight Simulator 3.1
    Microsoft Office Outlook 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multisim 8
    OpenOffice.org 3.4.1
    PeerBlock 1.0.0 (r181)
    PL-2303 USB-to-Serial
    PowerDirector
    QuickTime
    Readiris Pro 12
    Realtek Ethernet Controller Driver
    Recuva
    Renesas Electronics USB 3.0 Host Controller Driver
    Roxio Video Capture USB Driver
    SeaMonkey (2.7.2)
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Shared C Run-time for x64
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    Spybot - Search & Destroy
    The Print Shop 23
    The Print Shop 3.0 Fonts
    The Print Shop 3.0 Professional
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wwiiper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2011 wwiiper
    TurboTax 2011 wwviper
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Vizimag 3.193
    WinPcap 4.1.2
    WinRAR 4.11 (32-bit)
    WinZip 16.0
    WinZip System Utilities Suite
    Wireshark 1.8.2 (64-bit)
    WMV9/VC-1 Video Playback
    .
    ==== End Of File ===========================

    Thank you in advance for your help.
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    You need to give me some info about your computer issues.

    You're not running any AV program.
    Why?
    That's step 1 from our preliminaries.
  3. Eagle Concepts

    Eagle Concepts TS Rookie Topic Starter

    My problem seems to be with Internet browsers. They don't load pages correctly. In Firefox, Google results start a page length down, and in IE this site, for example, has trouble loading the human detector where it asks you a question. I uninstalled McAfee, but I do own a full copy for another year or two.
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Why did you uninstall McAfee?
    Reinstall it before we go any further.

    Next...

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt