also @ TechSpot: Jolla unveils first Sailfish OS smartphone, set to ship this year

Win64/Patched.A virus

Discussion in 'Virus and Malware Removal' started by d3tached, Oct 25, 2012.

Post New Reply
Page 1 of 4

  1. d3tached Newcomer, in training Posts: 44

    Hi, need help to get these annoying virus alerts off my computer. AVG doesn't remove them properly because they are whitelisted items and I need help to remove it by tomorrow. I'll follow the instructions as listed when I wake up tomorrow. Please reply and Thank You.
    d3tached, Oct 25, 2012
    #1

  2. Broni Malware Annihilator Posts: 39,313   +175

    Welcome aboard [IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    Broni, Oct 26, 2012
    #2

  3. d3tached Newcomer, in training Posts: 44

    In my first scan now. Also, my Microsoft Updater appeared null in my control panel.
    d3tached, Oct 26, 2012
    #3

  4. d3tached Newcomer, in training Posts: 44

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.26.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Travis :: TRAVIS-PC [administrator]

    10/26/2012 12:40:39 AM
    mbam-log-2012-10-26 (00-40-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205815
    Time elapsed: 6 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 35
    HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044444479} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055445579} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0004479.BHO.1 (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

    Files Detected: 19
    C:\Program Files (x86)\Giant Savings\Giant Savings.dll (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Travis\AppData\Local\Temp\0.8534229237374891 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Users\Travis\AppData\Local\Temp\is754907076\GiantSavings_US.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{47ad6d15-b214-984f-6b2f-1fa76e001fd4}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.
    C:\Users\Travis\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
    C:\Users\Travis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
    C:\Users\Travis\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Travis\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

    (end)
    d3tached, Oct 26, 2012
    #4

  5. d3tached Newcomer, in training Posts: 44

    Edit, Sorry no modifications.
    d3tached, Oct 26, 2012
    #5

  6. d3tached Newcomer, in training Posts: 44

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by Travis at 1:27:33 on 2012-10-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1077 [GMT -4:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\AVG\AVG10\avgui.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Travis\AppData\Local\Google\Chrome\Application\chrome.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010712_5&babsrc=HP_ss&mntrId=8c9d8b2c0000000000007071bc78f2bb
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Travis\AppData\Roaming\Complitly\Complitly.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [Google Update] "C:\Users\Travis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{F86ECD98-6FB5-485E-86F8-6EC1BA6A9818} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    x64-BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Travis\AppData\Roaming\Complitly\64\Complitly64.dll
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&tt=010712_5&babsrc=HP_ss&mntrId=8c9d8b2c0000000000007071bc78f2bb
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd80360&v=7.008.031.001&I=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
    FF - plugin: C:\Users\Travis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: 2012-10-18 22:08; plugin@yontoo.com; C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\plugin@yontoo.com
    FF - ExtSQL: 2012-10-20 01:01; ffxtlbr@funmoods.com; C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\ffxtlbr@funmoods.com
    FF - ExtSQL: !HIDDEN! 2010-01-17 08:54; hgghmjltgn@hgghmjltgn.org; C:\Users\Travis\Application Data\Mozilla\Firefox\Profiles\lznyrcgo.default\extensions\hgghmjltgn@hgghmjltgn.org.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109935&tt=010712_5
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 8c9d8b2c0000000000007071bc78f2bb
    FF - user.js: extensions.BabylonToolbar_i.hardId - 8c9d8b2c0000000000007071bc78f2bb
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:19:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyBzz0FtB0B0Bzz0BtB0CtN0D0Tzu0CtBzytBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=865177572&q=
    FF - user.js: extensions.funmoods.id - 7071BC78F2BB8B2C
    FF - user.js: extensions.funmoods.instlDay - 15631
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2222:7:59
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - download
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - download
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - true
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extentions.y2layers.installId - f57cf61d-9e03-4298-969a-9885123e11d2
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 31080]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-2 2337144]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-3 136176]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-18 250808]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-21 167264]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-3 136176]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-10-26 04:39:00--------d-----w-C:\Users\Travis\AppData\Roaming\Malwarebytes
    2012-10-26 04:38:22--------d-----w-C:\ProgramData\Malwarebytes
    2012-10-26 04:38:2125928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-10-26 04:38:21--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-26 04:33:56477168----a-w-C:\Windows\SysWow64\npdeployJava1.dll
    2012-10-26 04:30:30--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    2012-10-26 03:34:532871808----a-w-C:\Windows\explorer.exe
    2012-10-26 03:33:4527520----a-w-C:\Windows\System32\drivers\Diskdump.sys
    2012-10-26 03:29:0952736----a-w-C:\Windows\System32\drivers\usbehci.sys
    2012-10-26 03:29:0898816----a-w-C:\Windows\System32\drivers\usbccgp.sys
    2012-10-26 03:29:087936----a-w-C:\Windows\System32\drivers\usbd.sys
    2012-10-26 03:29:08343040----a-w-C:\Windows\System32\drivers\usbhub.sys
    2012-10-26 03:29:08325120----a-w-C:\Windows\System32\drivers\usbport.sys
    2012-10-26 03:29:0830720----a-w-C:\Windows\System32\drivers\usbuhci.sys
    2012-10-26 03:29:0825600----a-w-C:\Windows\System32\drivers\usbohci.sys
    2012-10-26 03:28:44503808----a-w-C:\Windows\System32\srcore.dll
    2012-10-26 03:28:4443008----a-w-C:\Windows\SysWow64\srclient.dll
    2012-10-26 03:20:11--------d-----w-C:\Program Files\Wireshark
    2012-10-26 03:17:23--------d-----w-C:\Users\Travis\AppData\Local\WindowsUpdate
    2012-10-26 03:06:49--------d-----w-C:\Users\Travis\AppData\Local\Secunia PSI
    2012-10-26 03:06:12--------d-----w-C:\Program Files (x86)\Secunia
    2012-10-19 02:09:15--------d-----w-C:\Program Files (x86)\SoundSpectrum
    2012-10-19 02:08:15--------d-----w-C:\Program Files (x86)\Yontoo
    2012-10-19 02:08:11--------d-----w-C:\ProgramData\Tarma Installer
    2012-10-19 02:07:59--------d-----w-C:\Program Files (x86)\Funmoods
    .
    ==================== Find3M ====================
    .
    2012-10-26 04:33:44473072----a-w-C:\Windows\SysWow64\deployJava1.dll
    2012-10-26 03:18:5573656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-26 03:18:55696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-09-05 03:07:4531080----a-w-C:\Windows\System32\drivers\avgtpx64.sys
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 18:05:061188864----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48981504----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-24 15:59:301638912----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:391638912----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03715776----a-w-C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14542208----a-w-C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    .
    ============= FINISH: 1:28:01.92 ===============
    d3tached, Oct 26, 2012
    #6
     

  7. d3tached Newcomer, in training Posts: 44

    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/26/2010 6:08:44 AM
    System Uptime: 10/26/2012 12:50:08 AM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Sempron(tm) 140 Processor | Socket AM2 | 783/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 184.009 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.676 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP142: 10/4/2012 9:17:48 PM - Scheduled Checkpoint
    RP143: 10/10/2012 3:00:16 AM - Windows Update
    RP144: 10/18/2012 12:22:11 PM - Scheduled Checkpoint
    RP145: 10/25/2012 9:57:24 PM - Scheduled Checkpoint
    RP146: 10/25/2012 11:21:05 PM - Installed MSXML 4.0 SP3 Parser
    RP147: 10/25/2012 11:37:30 PM - Windows Update
    RP148: 10/26/2012 12:30:44 AM - Installed Java(TM) 6 Update 37
    .
    ==== Installed Programs ======================
    .
    µTorrent
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Babylon toolbar on IE
    BabylonObjectInstaller
    BlackBerry Desktop Software 6.1
    Bonjour
    Complitly
    Counter-Strike: Source
    CyberLink DVD Suite Deluxe
    DirectX for Managed Code Update (Summer 2004)
    Download Updater (AOL LLC)
    DVD Menu Pack for HP MediaSmart Video
    DVDFab 8.1.3.8 (09/12/2011) Qt
    FrostWire 5.1.5
    G-Force
    Giant Savings
    Google Chrome
    Google Earth
    Google Update Helper
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    HPAsset component for HP Active Support Library
    Hulu Desktop
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    LabelPrint
    League of Legends
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Minecraft Cracked
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    NVIDIA Drivers
    Pando Media Booster
    PlayReady PC Runtime amd64
    Power2Go
    PowerDirector
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Manager
    SAMSUNG USB Driver for Mobile Phones
    Secunia PSI (3.0.0.4001)
    Steam
    SwiftKit
    TeamViewer 6
    Update Installer for WildTangent Games App
    uTorrentBar Toolbar
    Visual Studio 2008 x64 Redistributables
    WildTangent Games App (HP Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinPcap 4.1.2
    WinRAR 4.00 beta 1 (32-bit)
    Wireshark 1.6.11 (64-bit)
    Yahoo! Detect
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/26/2012 1:19:31 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/26/2012 1:19:31 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/25/2012 7:22:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/25/2012 11:47:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    10/25/2012 11:44:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2553141) 32-Bit Edition.
    10/22/2012 6:46:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/20/2012 3:32:42 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.7 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
    d3tached, Oct 26, 2012
    #7

  8. d3tached Newcomer, in training Posts: 44

    Dupe...
    d3tached, Oct 26, 2012
    #8

  9. d3tached Newcomer, in training Posts: 44

    Sorry for PM'ing without reading the rules. Thanks for not ignoring me afterwards aswell. New member thats all.
    d3tached, Oct 26, 2012
    #9

  10. d3tached Newcomer, in training Posts: 44

    Virus info-

    Object name C:\Windows\System32\services.exe
    Detection name Virus identified Win64/Patched.A
    Object type file
    SDK Type Core
    Result Object is white-listed (critical/system file that should not be removed)
    d3tached, Oct 26, 2012
    #10

  11. d3tached Newcomer, in training Posts: 44

    Alright, ready when you are chief.
    d3tached, Oct 26, 2012
    #11

  12. Broni Malware Annihilator Posts: 39,313   +175

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
    Broni, Oct 26, 2012
    #12

  13. d3tached Newcomer, in training Posts: 44

    Need to find my flash
    d3tached, Oct 26, 2012
    #13

  14. d3tached Newcomer, in training Posts: 44

    Hello, sorry for the inconvenience but I need to buy a flashdrive tomorrow when I get paid. If possible could I postpone your assistance til then?
    d3tached, Oct 26, 2012
    #14

  15. Broni Malware Annihilator Posts: 39,313   +175

    No problem :)
    Broni, Oct 27, 2012
    #15

  16. d3tached Newcomer, in training Posts: 44

    Sorry again but I need to know whether I'll be able to use the flash later without infecting anything. If so I can continue tonight but if not I'll have to buy one tomorrow. Please get back to me.
    d3tached, Oct 27, 2012
    #16

  17. Broni Malware Annihilator Posts: 39,313   +175

    Broni, Oct 27, 2012
    #17

  18. d3tached Newcomer, in training Posts: 44

    Will it disinfect the flash drive after using one of the programs? making it usable on other computers as well that don't have those programs? The flash is used on multiple devices.
    d3tached, Oct 27, 2012
    #18

  19. Broni Malware Annihilator Posts: 39,313   +175

    Use it until we're done and then format it to be safe.
    Broni, Oct 28, 2012
    #19

  20. d3tached Newcomer, in training Posts: 44

    So install the program on my computer to disinfect it before it goes to another computer?
    d3tached, Oct 28, 2012
    #20
Page 1 of 4

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.