backustech
I'm having a Google redirect virus; the problem occurs in both Firefox and Chrome. MBAM says I have rootkit.0access, rootkit.Zaccess, and Trojan.Dropper.BCMiner. Any help would be greatly appreciated.
Here are the following logs: mbam, gmer, dds, and dds attach.
MBAM:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.14.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Brian :: BRIAN-PC [administrator]
8/14/2012 11:11:54 PM
mbam-log-2012-08-14 (23-11-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239816
Time elapsed: 6 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\WINDOWS\Installer\{5856914f-ba9a-5be2-82db-2288723a8506}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5856914f-ba9a-5be2-82db-2288723a8506}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5856914f-ba9a-5be2-82db-2288723a8506}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5856914f-ba9a-5be2-82db-2288723a8506}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5856914f-ba9a-5be2-82db-2288723a8506}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
GMER LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-14 23:31:09
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250320AS rev.HP07
Running: eyhlml8s.exe; Driver: C:\Users\Brian\AppData\Local\Temp\agloqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_31
Run by Brian at 23:19:07 on 2012-08-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3002.1908 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\nwtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Brian\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brian\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={F4EFE...6f4fbb585&lang=en&ds=is016&pr=sa&d=2012-08-10 11:43:26&v=12.2.0.5&sap=hp
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\users\brian\appdata\local\akamai\netsession_win.exe"
uRun: [Epson Stylus NX430(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihba.exe /fu "c:\users\brian\appdata\local\temp\E_S7501.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\brian\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon]
mRun: [NWTRAY] NWTRAY.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\brian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{49189EFE-D14D-4353-9FA8-AD26655E46B2} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715} : DhcpNameServer = 208.40.1.6 168.92.1.6
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 ncv1_0
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\zwcpiv0u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://isearch.avg.com?cid=%7Bf691a8fe-e1c9-4889-893a-fb13669d64cc%7D&mid=0e363af0d50047d0b037d15650bbf17f-cce2590b8991eeeefd00801fb50f4496f4fbb585&ds=is016&v=12.2.0.5&lang=en&pr=sa&d=2012-08-10%2011%3A43%3A26&sap=hp
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bf691a8fe-e1c9-4889-893a-fb13669d64cc%7D&mid=0e363af0d50047d0b037d15650bbf17f-cce2590b8991eeeefd00801fb50f4496f4fbb585&ds=is016&v=12.2.0.5&lang=en&pr=sa&d=2012-08-10%2011%3A43%3A26&sap=ku&q=
FF - component: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\zwcpiv0u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\zwcpiv0u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\zwcpiv0u.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\brian\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\brian\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-10 27496]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\novell\client\xtier\drivers\ncioctl.sys [2007-8-16 41488]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-8-10 927840]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\novell\client\xtier\services\xtsvcmgr.exe [2007-8-16 16656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-20 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-8 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-11 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 NCFSD;ncfsd;c:\program files\novell\client\xtier\drivers\ncfsd.sys [2007-8-16 80400]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-11 655944]
.
=============== Created Last 30 ================
.
2012-08-15 03:18:27 54016 ----a-w- c:\windows\system32\drivers\wkydeej.sys
2012-08-14 07:25:04 -------- d-----w- C:\FRST
2012-08-10 15:44:42 -------- d-----w- c:\programdata\Innovative Solutions
2012-08-10 15:44:40 -------- d-----w- c:\users\brian\appdata\local\Innovative Solutions
2012-08-10 15:44:40 -------- d-----w- c:\program files\common files\Innovative Solutions
2012-08-10 15:44:38 42496 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2012-08-10 15:44:36 -------- d-----w- c:\program files\Innovative Solutions
2012-08-10 15:44:00 -------- d-----w- c:\users\brian\appdata\local\AVG Secure Search
2012-08-10 15:43:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-10 15:43:22 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-10 15:43:18 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-08-10 15:43:17 -------- d-----w- c:\program files\AVG Secure Search
2012-08-10 15:41:28 -------- d--h--w- c:\programdata\Common Files
2012-08-02 13:12:20 1393736 ----a-w- c:\users\brian\gotomypc_635.exe
2012-07-31 05:51:43 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6285140e-2bca-4bc3-88bc-5864a2e45edb}\mpengine.dll
2012-07-27 21:04:35 -------- d-----w- c:\users\brian\appdata\local\Evernote
2012-07-27 21:04:08 -------- d-----w- c:\program files\Evernote
2012-07-23 02:52:16 -------- d-----r- c:\users\brian\Dropbox
2012-07-23 02:49:37 -------- d-----w- c:\program files\Dropbox
2012-07-23 02:47:40 -------- d-----w- c:\users\brian\appdata\roaming\Dropbox
2012-07-22 05:40:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
.
==================== Find3M ====================
.
2012-08-15 02:12:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 02:12:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:20:30.93 ===============
DDS ATTACH LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 3/18/2009 5:23:09 PM
System Uptime: 8/14/2012 11:00:32 PM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 69.786 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.727 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP666: 7/30/2012 9:49:10 AM - Scheduled Checkpoint
RP667: 7/31/2012 1:50:46 AM - Windows Update
RP668: 8/6/2012 11:59:19 PM - Scheduled Checkpoint
RP669: 8/7/2012 4:56:11 AM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
RP671: 8/10/2012 11:45:24 AM - After installing Advanced Uninstaller PRO
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player
Advanced Uninstaller PRO - Version 11
AIO_Scan
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AVG Security Toolbar
Bonjour
BufferChm
C5200
C5200_Help
CA Yahoo! Anti-Spy (remove only)
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink DVD Suite
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
E-Transcript Bundle Viewer
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print
ESU for Microsoft Vista
eSupportQFolder
Evernote v. 4.5.7
Fax
FreeRIP v3.5
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Solution Center 10.0
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
HTC Ozone™
iLivid
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
Last.fm 1.5.4.27091
Little Shop of Treasures
LTCM Client
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MessageViewer Pro 3.1.10
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
MyVideoConverter 2.33
NetWaiting
NetZero Preloader
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
OverDrive Media Console
PanoStandAlone
Picasa 3
PokerStars.net
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.8
SmartWebPrintingOC
SolutionCenter
Spotify
Spybot - Search & Destroy
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPcap 4.0.2
WinRAR 4.01 (32-bit)
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 10:38:05 AM, Error: EventLog [6008] - The previous system shutdown at 2:24:45 AM on 8/9/2012 was unexpected.
8/8/2012 8:45:42 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:42 PM on 8/8/2012 was unexpected.
8/8/2012 1:26:54 PM, Error: EventLog [6008] - The previous system shutdown at 12:31:23 PM on 8/8/2012 was unexpected.
8/7/2012 8:45:07 AM, Error: EventLog [6008] - The previous system shutdown at 7:04:44 AM on 8/7/2012 was unexpected.
8/7/2012 5:03:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/7/2012 5:03:05 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2012 5:03:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/14/2012 9:48:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.20.30.172 for the Network Card with network address 00242B1611DB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/14/2012 6:35:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/14/2012 11:03:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/14/2012 11:03:20 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/14/2012 10:24:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00242B1611DB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
8/13/2012 9:41:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
8/13/2012 9:41:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:40:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2012 9:40:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2012 9:40:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2012 9:40:21 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
.
==== End Of File ===========================
VideoToolkit01
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinPcap 4.0.2
WinRAR 4.01 (32-bit)
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 10:38:05 AM, Error: EventLog [6008] - The previous system shutdown at 2:24:45 AM on 8/9/2012 was unexpected.
8/8/2012 8:45:42 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:42 PM on 8/8/2012 was unexpected.
8/8/2012 1:26:54 PM, Error: EventLog [6008] - The previous system shutdown at 12:31:23 PM on 8/8/2012 was unexpected.
8/7/2012 8:45:07 AM, Error: EventLog [6008] - The previous system shutdown at 7:04:44 AM on 8/7/2012 was unexpected.
8/7/2012 5:03:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/7/2012 5:03:05 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2012 5:03:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/14/2012 9:48:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.20.30.172 for the Network Card with network address 00242B1611DB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/14/2012 6:35:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/14/2012 11:03:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/14/2012 11:03:20 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/14/2012 10:24:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00242B1611DB has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
8/13/2012 9:41:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
8/13/2012 9:41:16 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:40:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2012 9:40:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2012 9:40:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2012 9:40:21 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
.
==== End Of File ===========================
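The Event Viewer section of the DDS log is the part of this post that carries a usable signal: three Service Control Manager 7003 entries at 11:02:34 PM say that wscsvc (Security Center) and BFE (Base Filtering Engine, which Windows Firewall and IPsec depend on) "might not be installed". Those services are not something a user removes; the ZeroAccess/Sirefef family named in the MBAM log is documented to delete them, so a dependency failure on them is worth flagging during triage. The script below is an added example, not part of the original post or of DDS: it parses DDS-style event lines, keeps the 7003 entries, and groups the missing dependencies against an assumed watch list of security services. The sample lines are constructed to mirror the format of the log above; the watch list and all function names are this example's own choices.

```python
import re
from datetime import datetime

# Constructed sample in the DDS "Event Viewer Messages" line format,
# modelled on the entries in the log above (not pulled from a live host).
SAMPLE_EVENTS = """\
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/14/2012 11:02:34 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/13/2012 9:41:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
"""

# One DDS event line: "<date> <time> <AM/PM>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Message body of Service Control Manager event 7003 (missing dependency),
# matched with the exact (ungrammatical) wording Windows uses.
DEP_RE = re.compile(
    r"^The (?P<service>.+?) service depends the following service: "
    r"(?P<dependency>[^.]+)\. This service might not be installed\.$"
)

# Assumed watch list (this example's choice, not from the page): services that
# a user does not remove and that rootkits are known to strip out.
WATCHED_SERVICES = {
    "BFE": "Base Filtering Engine (Windows Firewall and IPsec)",
    "MpsSvc": "Windows Firewall",
    "wscsvc": "Security Center",
    "WinDefend": "Windows Defender",
    "iphlpsvc": "IP Helper",
}


def parse_events(text):
    """Turn DDS event lines into dicts; separators ('.'), headers and blanks are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "message": m["message"],
        })
    return events


def missing_security_services(events):
    """Map each watched service reported missing -> the services that depend on it."""
    findings = {}
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7003:
            continue
        m = DEP_RE.match(ev["message"])
        if not m or m["dependency"] not in WATCHED_SERVICES:
            continue
        findings.setdefault(m["dependency"], []).append(m["service"])
    return findings


def report(text):
    """Human-readable triage lines, one per missing watched service."""
    lines = []
    for dep, dependents in missing_security_services(parse_events(text)).items():
        lines.append(f"{dep} ({WATCHED_SERVICES[dep]}) reported missing by: "
                     f"{', '.join(dependents)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_EVENTS):
        print(line)
```

Run against the log above it produces the same two findings as against the sample (BFE missing per two IPsec services, wscsvc missing per the Spybot Security Center service). The script only reads the DDS text; confirming the state on the host itself is a separate step (for instance `sc query bfe` and `sc query wscsvc` returning "The specified service does not exist"), and a hit here means the services need to be re-created after the rootkit is removed, since nothing in the cleanup tools restores them automatically.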