Inactive [A] Windows 7 - Pop up ads, redirected websites - Help!

I recently had a virus that put a fake protection program on my computer. Got rid of it with super anti spyware, but still have random pop up ads and get redirected to other websites randomly. Flash player also continually tries to install itself even if it already is.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Logs

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122102

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/20/2011 6:54:13 PM
mbam-log-2011-12-20 (18-54-03).txt

Scan type: Quick scan
Objects scanned: 169060
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
c:\Users\Dan\AppData\Local\sanctionedmedia\Smad\Smad.exe (Trojan.Agent) -> 920 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Smad (Trojan.Agent) -> Value: Smad -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Rogue.PrvacyProtect) -> Value: Privacy Protection -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\recycle.bin (Trojan.Spyeyes) -> No action taken.

Files Infected:
c:\Users\Dan\AppData\Local\Temp\gggf0.7131218485994142.exe (Trojan.Agent) -> No action taken.
c:\Users\Dan\AppData\Local\Temp\kolf0.7789910577395102.exe (Trojan.Agent) -> No action taken.
c:\Users\Dan\AppData\Local\Temp\rmncasoxwe.exe (Backdoor.Agent) -> No action taken.
c:\Users\Dan\downloads\vlcsetup (1).exe (Adware.Hotbar) -> No action taken.
c:\Users\Dan\downloads\VLCSetup.exe (Adware.Hotbar) -> No action taken.
c:\Users\Dan\local settings\application data\sanctionedmedia\Smad\Smad.exe (Trojan.Agent) -> No action taken.
c:\Users\Dan\AppData\Local\sanctionedmedia\Smad\Smad.exe (Trojan.Agent) -> No action taken.
c:\recycle.bin\307850651452189 (Trojan.Spyeyes) -> No action taken.
 
gmer log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 19:15:50
Windows 6.1.7601 Service Pack 1
Running: pvih6qg8[1].exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@4Y3Y0C3AWF7XXVYVTLZNZXY C:\Recycle.Bin\B6232F3A2DD.exe /q

---- Files - GMER 1.0.15 ----

File C:\Recycle.Bin 0 bytes
File C:\Recycle.Bin\B6232F3A2DD.exe 281600 bytes executable

---- EOF - GMER 1.0.15 ----
 
DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Dan at 19:16:27 on 2011-12-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3997.2831 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Dan\AppData\Local\Temp\nEM6EC8.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [4Y3Y0C3AWF7XXVYVTLZNZXY] C:\Recycle.Bin\B6232F3A2DD.exe /q
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68
TCP: Interfaces\{047AF3DA-E778-487E-AA98-1C2D567E41FA} : DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-21 02:51:14 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
2011-12-21 02:51:10 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-21 02:51:07 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-21 02:51:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-17 06:09:30 -------- d-----w- C:\Program Files\iPod
2011-12-17 06:09:29 -------- d-----w- C:\Program Files\iTunes
2011-12-17 06:09:29 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-17 06:07:40 -------- d-----w- C:\Program Files\Bonjour
2011-12-17 06:07:40 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-12 15:10:34 -------- d--h--w- C:\$AVG
2011-12-11 01:47:49 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG
2011-12-11 01:37:27 -------- d-----w- C:\Users\Dan\AppData\Roaming\AVG2012
2011-12-11 01:36:05 -------- d--h--w- C:\ProgramData\Common Files
2011-12-11 01:35:34 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-12-11 01:35:34 -------- d-----w- C:\ProgramData\AVG2012
2011-12-11 01:34:36 -------- d-----w- C:\Program Files (x86)\AVG
2011-12-11 01:29:29 -------- d-----w- C:\ProgramData\MFAData
2011-12-11 00:24:13 -------- d-----w- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2011-12-11 00:23:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-11 00:23:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-07 04:36:08 -------- d-----w- C:\Users\Dan\AppData\Local\SanctionedMedia
2011-12-07 04:36:03 -------- d-----we C:\Windows\system64
2011-12-03 06:15:21 -------- d-----w- C:\Users\Dan\AppData\Local\Solid State Networks
.
==================== Find3M ====================
.
2011-12-15 02:15:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 19:16:48.47 ===============
 
attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/4/2011 4:38:13 PM
System Uptime: 12/20/2011 6:55:12 PM (1 hours ago)
.
Motherboard: Gateway | | SJV40-MV
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 401.362 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP27: 12/9/2011 5:04:00 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP28: 12/10/2011 4:45:37 PM - Removed Skype™ 5.5
RP29: 12/10/2011 4:46:33 PM - Removed Skype Click to Call
RP30: 12/10/2011 4:55:01 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP31: 12/10/2011 4:58:20 PM - Removed Skype Click to Call
RP32: 12/10/2011 5:34:17 PM - Installed AVG 2012
RP33: 12/10/2011 5:34:59 PM - Installed AVG 2012
RP34: 12/13/2011 7:18:28 PM - Installed AVG 2012
RP35: 12/13/2011 7:18:56 PM - Installed AVG 2012
RP36: 12/13/2011 7:19:24 PM - Removed AVG 2012
RP37: 12/16/2011 10:08:21 PM - Installed iTunes
.
==== Installed Programs ======================
.
µTorrent
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
CopyTrans Suite Remove Only
DivX Setup
Google Chrome
ISODisk 1.1
Java Auto Updater
Java(TM) 6 Update 26
LEGO® Pirates of the Caribbean The Video Game
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NCH Tone Generator
QuickTime
Skype Click to Call
TUGZip 3.5
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.10
WavePad Sound Editor
Webcam Video Capture 4.8.0
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
12/20/2011 8:36:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
12/20/2011 8:36:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.
12/20/2011 8:35:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.
12/20/2011 8:35:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
12/20/2011 7:16:36 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/20/2011 6:56:02 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
12/20/2011 6:55:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ISODisk
12/20/2011 6:55:31 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
12/20/2011 6:55:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
12/20/2011 6:55:30 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
12/20/2011 6:55:18 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ISODisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/16/2011 10:08:14 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 