TechSpot

System Check malware removal problem

By jack302
Jan 31, 2012
  1. My system had signs it was infected by the 'system check' bug. My computer all of a sudden shut down and when rebooted it was telling me there was a Critical system error, with various pop-ups telling me that the RAM reliability was low. I was unable to run task manager and I cannot view any of my files. I installed SUPERAntiSpyware and it has got rid of the pop-ups and task manager is now able to run. However, my desktop has yet to be fully recovered along with my proper task bar and folders. Below is the log from SUPERAntiSpyware.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/31/2012 at 06:17 AM

    Application Version : 5.0.1142

    Core Rules Database Version : 8183
    Trace Rules Database Version: 5995

    Scan type : Complete Scan
    Total Scan Time : 01:13:37

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 572
    Memory threats detected : 2
    Registry items scanned : 43276
    Registry threats detected : 0
    File items scanned : 102520
    File threats detected : 55

    Adware.Tracking Cookie

    Trojan.Agent/Gen-FakeAV
    C:\PROGRAMDATA\RUMRAHICILVEX.EXE
    C:\PROGRAMDATA\RUMRAHICILVEX.EXE
    C:\Windows\Prefetch\RUMRAHICILVEX.EXE-FFE300E4.pf

    Trojan.Agent/Gen-RogueAS
    C:\PROGRAMDATA\QLYYTTKSB5YU0X.EXE
    C:\PROGRAMDATA\QLYYTTKSB5YU0X.EXE
    C:\USERS\JACK MCCAY\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SYSTEM CHECK.LNK
    C:\USERS\JACK MCCAY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM CHECK\SYSTEM CHECK.LNK
    C:\USERS\JACK MCCAY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM CHECK\UNINSTALL SYSTEM CHECK.LNK
    C:\USERS\JACK MCCAY\DESKTOP\SYSTEM CHECK.LNK
    C:\Windows\Prefetch\QLYYTTKSB5YU0X.EXE-12CFF83F.pf



    I would really appreciate it if someone could give me a hand, thanks a lot.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help you with this rogue.

    We can fix the cosmetic problems later, but to help you see the 'missing' icons, programs, etc., please run the following:
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.

    Note 1: This does not remove the malware- only the attribute causing the 'missing' problem. So it is important for you to continue.
    Note 2: If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.
    ===================================
    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ==========================================
    When you have finished the preliminary scans above, go on to the following:

    I'd like you to run Combofix- but it won't run with AVG. If that is your AV, you will need to temporarily uninstall AVG as follows: (skip App Remover if not needed for AVG)

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one: If needed
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      • Don't follow directions given to someone else
      • Don't use any other cleaning programs or scans while I'm helping you.
      • Don't use a Registry cleaner or make any changes in the Registry.
      • Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
    ====================================
    Please leave all logs in your next reply. Okay to use more than 1 post if needed.
     
  3. jack302

    jack302 TS Rookie Topic Starter

    Log from Malwarebytes, other logs to follow.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.02.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Jack McCay :: JACKMCCAY-PC [administrator]

    02/02/2012 15:32:17
    mbam-log-2012-02-02 (15-32-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 180162
    Time elapsed: 7 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Jack McCay\AppData\Local\Temp\0.7175875272351193.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    C:\Users\Jack McCay\AppData\Local\Temp\0.8156020884381793.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

    (end)
     
  4. jack302

    jack302 TS Rookie Topic Starter

    The dds log.


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
    Run by Jack McCay at 16:39:53 on 2012-02-02
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.714 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://guardian.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [RUMrAHicILvex.exe] C:\ProgramData\RUMrAHicILvex.exe
    uRun: [Facebook Update] "C:\Users\Jack McCay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\JACKMC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6393D9AA-E335-46B3-B406-67662E619B7F} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B0E39E5F-2207-43CA-B37C-ECF6A7068C30} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B0E39E5F-2207-43CA-B37C-ECF6A7068C30}\140707C65675962756C6563737 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B0E39E5F-2207-43CA-B37C-ECF6A7068C30}\741696C602D436341697 : DhcpNameServer = 192.168.1.1
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [O2DA] "C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe" /P O2DA
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jack McCay\AppData\Roaming\Mozilla\Firefox\Profiles\wqckxwaa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.guardian.co.uk/
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jack McCay\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx64.sys [2010-9-1 954928]
    R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100916.001\IDSviA64.sys [2010-9-17 463408]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-27 89600]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2011-10-11 126400]
    R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe [2010-4-23 206120]
    R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe [2010-4-23 185640]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-7 227896]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-9-16 132656]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-02 16:36:06 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19BD28BC-5CD2-485F-8690-2B4EEE6B467F}\mpengine.dll
    2012-02-02 15:31:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-01 15:58:52 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-01 12:15:20 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\26e43af41cce0db42\bingbarsetup.exe
    2012-02-01 12:12:54 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d279cd661cce0da34\MeshBetaRemover.exe
    2012-02-01 12:10:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\752a7af21cce0da27\DSETUP.dll
    2012-02-01 12:10:18 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\752a7af21cce0da27\DXSETUP.exe
    2012-02-01 12:10:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\752a7af21cce0da27\dsetup32.dll
    2012-02-01 12:10:13 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fff29921cce0da26\DXSETUP.exe
    2012-02-01 12:10:12 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fff29921cce0da26\DSETUP.dll
    2012-02-01 12:10:12 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\6fff29921cce0da26\dsetup32.dll
    2012-02-01 12:04:56 -------- d-----w- C:\Users\Jack McCay\AppData\Local\Windows Live
    2012-01-31 14:57:16 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77FCA330-517F-457B-863C-E599960DC58A}\gapaengine.dll
    2012-01-31 14:56:50 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-31 14:54:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-01-31 14:54:32 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-01-31 13:40:15 -------- d-----w- C:\Users\Jack McCay\AppData\Roaming\Malwarebytes
    2012-01-31 13:39:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-31 12:44:34 -------- d-----w- C:\ProgramData\AVAST Software
    2012-01-31 12:44:34 -------- d-----w- C:\Program Files\AVAST Software
    2012-01-31 06:59:21 -------- d-s---w- C:\ComboFix
    2012-01-31 05:01:30 -------- d-----w- C:\Users\Jack McCay\AppData\Roaming\SUPERAntiSpyware.com
    2012-01-24 09:45:34 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-01-19 09:25:51 -------- d-----w- C:\Users\Jack McCay\AppData\Local\Chromium
    2012-01-19 09:12:59 506728 ----a-w- C:\Windows\System32\d3dx10_33.dll
    2012-01-17 22:14:37 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-01-14 11:05:15 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-14 11:05:15 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-14 11:05:15 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-14 11:05:15 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-11 19:25:12 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 19:25:12 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 19:25:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 19:25:11 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 19:25:06 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 19:25:05 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 19:25:03 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 19:25:03 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    .
    ==================== Find3M ====================
    .
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 16:48:09.36 ===============
     
  5. jack302

    jack302 TS Rookie Topic Starter

    Plus the attach of the DDS files. The GMER had no findings and therefore there was no log.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 16/09/2010 10:27:17
    System Uptime: 02/02/2012 15:46:41 (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3069
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | CPU | 1197/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 210.071 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.086 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP125: 24/01/2012 09:45:54 - Installed HP Support Assistant
    RP126: 24/01/2012 09:51:00 - Windows Modules Installer
    RP127: 24/01/2012 09:52:06 - Windows Modules Installer
    RP128: 31/01/2012 12:44:03 - avast! Free Antivirus Setup
    RP129: 31/01/2012 14:23:34 - Removed Facebook Video Calling 1.1.1.1
    RP130: 31/01/2012 14:25:51 - avast! Free Antivirus Setup
    RP131: 31/01/2012 14:56:20 - Windows Update
    RP132: 01/02/2012 12:03:52 - CheckIfInstallerIsBusy
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.2 MUI
    Adobe Shockwave Player
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    Facebook Video Calling 1.1.1.1
    Football Manager 2010
    Football Manager 2012
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    LabelPrint
    Last.fm 1.5.4.27091
    LightScribe System Software
    Magic Desktop
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 10.0 (x86 en-US)
    MSVCRT
    My O2
    Norton Internet Security
    Norton Online Backup
    OpenOffice.org 3.3
    Power2Go
    PowerDirector
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 4.0
    Spotify
    Steam
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veetle TV
    VLC media player 1.1.10
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/01/2012 06:26:37, Error: Service Control Manager [7034] - The Easybits Shared Services for Windows service terminated unexpectedly. It has done this 1 time(s).
    30/01/2012 21:21:07, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    30/01/2012 21:18:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    30/01/2012 21:14:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    30/01/2012 21:14:10, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    27/01/2012 03:36:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    02/02/2012 15:47:37, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    01/02/2012 23:35:13, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have 3 antivirus programs running:

    Microsoft Security Essentials
    Norton: Norton Removal Tool
    Avast: Avast Removal

    I had no information so I included the App Remover if you had AVG. It has a temporary AV to be used and I stressed if needed. It wasn't, so now you need to get down to 1 AV. Norton may have come with the system. You may not use it or update it, but it still runs and will cause both vulnerabilities and slowness. Please remove it and Avast.

    Reboot the system when through.

    Please go on with Combofix.
     
Topic Status:
Not open for further replies.
