Solved Can't access search engines such as Google

Status
Not open for further replies.

lucy fox

Posts: 13   +0
My little boy's computer appears to have a virus preventing him from accessing search engines such as google. I have tried lots of things to remove it such as running malwarebytes, superantispyware and spybot but nothing is able to find what is causing the propblem. Can anybody suggest something that may help?
 
Hello, and welcome to TechSpot.


rulesx.png
Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-LAPTOP [administrator]

Protection: Disabled

01/12/2012 17:14:13
mbam-log-2012-12-01 (17-14-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204635
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
2012/12/01 00:18:06 GMTBEN-LAPTOPBenMESSAGEStopping IP protection
2012/12/01 00:18:07 GMTBEN-LAPTOPBenMESSAGEIP Protection stopped successfully
2012/12/01 00:18:09 GMTBEN-LAPTOPBenMESSAGEStopping protection
2012/12/01 00:18:09 GMTBEN-LAPTOPBenMESSAGEProtection stopped successfully
2012/12/01 07:30:55 GMTBEN-LAPTOPBenMESSAGEExecuting scheduled update: Daily
2012/12/01 07:31:13 GMTBEN-LAPTOPBenMESSAGEScheduled update executed successfully: database updated from version v2012.11.30.10 to version v2012.12.01.03
2012/12/01 07:31:26 GMTBEN-LAPTOPBenMESSAGEStarting database refresh
2012/12/01 07:31:30 GMTBEN-LAPTOPBenMESSAGEDatabase refreshed successfully
2012/12/01 16:30:02 GMTBEN-LAPTOPBenMESSAGEStarting protection
2012/12/01 16:30:02 GMTBEN-LAPTOPBenMESSAGEProtection started successfully
2012/12/01 16:30:04 GMTBEN-LAPTOPBenMESSAGEStarting IP protection
2012/12/01 16:30:12 GMTBEN-LAPTOPBenMESSAGEIP Protection started successfully
2012/12/01 16:30:12 GMTBEN-LAPTOPBenMESSAGEStopping IP protection
2012/12/01 16:30:13 GMTBEN-LAPTOPBenMESSAGEIP Protection stopped successfully
2012/12/01 16:30:13 GMTBEN-LAPTOPBenMESSAGEStarting IP protection
2012/12/01 16:30:18 GMTBEN-LAPTOPBenMESSAGEIP Protection started successfully
2012/12/01 16:34:00 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49358, Process: iexplore.exe)
2012/12/01 16:34:00 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49359, Process: iexplore.exe)
2012/12/01 16:34:00 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49360, Process: iexplore.exe)
2012/12/01 16:34:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49367, Process: iexplore.exe)
2012/12/01 16:34:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49368, Process: iexplore.exe)
2012/12/01 16:34:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49369, Process: iexplore.exe)
2012/12/01 16:35:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49435, Process: iexplore.exe)
2012/12/01 16:35:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49436, Process: iexplore.exe)
2012/12/01 16:35:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49437, Process: iexplore.exe)
2012/12/01 16:35:46 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49460, Process: iexplore.exe)
2012/12/01 16:35:46 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49459, Process: iexplore.exe)
2012/12/01 16:35:46 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49461, Process: iexplore.exe)
2012/12/01 16:37:16 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49469, Process: iexplore.exe)
2012/12/01 16:37:16 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49470, Process: iexplore.exe)
2012/12/01 16:37:16 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49471, Process: iexplore.exe)
2012/12/01 16:37:41 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49495, Process: iexplore.exe)
2012/12/01 16:37:41 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49496, Process: iexplore.exe)
2012/12/01 16:37:41 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49497, Process: iexplore.exe)
2012/12/01 16:37:41 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49541, Process: iexplore.exe)
2012/12/01 16:37:41 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49542, Process: iexplore.exe)
2012/12/01 16:37:49 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49559, Process: iexplore.exe)
2012/12/01 16:37:49 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49560, Process: iexplore.exe)
2012/12/01 16:37:49 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49561, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49622, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49623, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49624, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49652, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49653, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49654, Process: iexplore.exe)
2012/12/01 16:37:57 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49655, Process: iexplore.exe)
2012/12/01 16:38:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49675, Process: iexplore.exe)
2012/12/01 16:38:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49674, Process: iexplore.exe)
2012/12/01 16:38:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49676, Process: iexplore.exe)
2012/12/01 16:38:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49677, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49742, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49743, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49744, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49769, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49770, Process: iexplore.exe)
2012/12/01 16:39:13 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49771, Process: iexplore.exe)
2012/12/01 16:39:30 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49832, Process: iexplore.exe)
2012/12/01 16:39:30 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49834, Process: iexplore.exe)
2012/12/01 16:39:30 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49836, Process: iexplore.exe)
2012/12/01 16:39:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49853, Process: iexplore.exe)
2012/12/01 16:39:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49854, Process: iexplore.exe)
2012/12/01 16:39:38 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49855, Process: iexplore.exe)
2012/12/01 16:40:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49902, Process: iexplore.exe)
2012/12/01 16:40:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49903, Process: iexplore.exe)
2012/12/01 16:40:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49904, Process: iexplore.exe)
2012/12/01 16:40:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49933, Process: iexplore.exe)
2012/12/01 16:40:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49934, Process: iexplore.exe)
2012/12/01 16:40:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49935, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49974, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49975, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49976, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 49999, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50000, Process: iexplore.exe)
2012/12/01 16:41:34 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50001, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50043, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50044, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50045, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50064, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50065, Process: iexplore.exe)
2012/12/01 16:42:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50066, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50087, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50088, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50089, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50110, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50111, Process: iexplore.exe)
2012/12/01 16:42:23 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50112, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50157, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50158, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50159, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50173, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50174, Process: iexplore.exe)
2012/12/01 16:42:32 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50175, Process: iexplore.exe)
2012/12/01 16:44:35 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50205, Process: iexplore.exe)
2012/12/01 16:44:35 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50206, Process: iexplore.exe)
2012/12/01 16:44:35 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50207, Process: iexplore.exe)
2012/12/01 16:44:43 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50239, Process: iexplore.exe)
2012/12/01 16:44:43 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50240, Process: iexplore.exe)
2012/12/01 16:44:43 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50241, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50279, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50280, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50281, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50297, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50300, Process: iexplore.exe)
2012/12/01 16:45:08 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50303, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50330, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50331, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50332, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50374, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50375, Process: iexplore.exe)
2012/12/01 16:47:18 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50376, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50413, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50414, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50415, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50450, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50451, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50452, Process: iexplore.exe)
2012/12/01 16:50:07 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50453, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50482, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50481, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50483, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50484, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50495, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50496, Process: iexplore.exe)
2012/12/01 16:50:15 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50497, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50521, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50520, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50522, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50523, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50538, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50539, Process: iexplore.exe)
2012/12/01 16:50:56 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50540, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50565, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50566, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50567, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50568, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50592, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50593, Process: iexplore.exe)
2012/12/01 16:51:20 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50594, Process: iexplore.exe)
2012/12/01 16:51:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50649, Process: iexplore.exe)
2012/12/01 16:51:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50650, Process: iexplore.exe)
2012/12/01 16:51:28 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50648, Process: iexplore.exe)
2012/12/01 16:52:01 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50673, Process: iexplore.exe)
2012/12/01 16:52:01 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50674, Process: iexplore.exe)
2012/12/01 16:52:01 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50675, Process: iexplore.exe)
2012/12/01 16:52:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50694, Process: iexplore.exe)
2012/12/01 16:52:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50696, Process: iexplore.exe)
2012/12/01 16:52:09 GMTBEN-LAPTOPBenIP-BLOCK217.23.15.126 (Type: outgoing, Port: 50698, Process: iexplore.exe)
2012/12/01 16:52:13 GMTBEN-LAPTOPBenMESSAGEStopping IP protection
2012/12/01 16:52:13 GMTBEN-LAPTOPBenMESSAGEIP Protection stopped successfully
2012/12/01 16:52:28 GMTBEN-LAPTOPBenMESSAGEProtection stopped
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Ben at 17:28:05 on 2012-12-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1380 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Users\Ben\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2237919F-D6ED-498A-82C9-49B63A8DE1BD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739}\47865686966756 : DHCPNameServer = 192.168.0.1
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.com.
Hosts: 217.23.15.126 google.com.au.
Hosts: 217.23.15.126 www.google.com.au.
Hosts: 217.23.15.126 google.be.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-8-8 27760]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-5 202752]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-8 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-8 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-8-8 98848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-5 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-30 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-1 38456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-5 239136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
.
=============== Created Last 30 ================
.
2012-12-01 16:28:15--------d-----w-C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2012-12-01 16:28:06--------d-----w-C:\ProgramData\SUPERAntiSpyware.com
2012-12-01 16:28:06--------d-----w-C:\Program Files\SUPERAntiSpyware
2012-12-01 08:22:20163056----a-w-C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-01 08:16:122560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-01 08:16:10785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-12-01 08:16:1054376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-12-01 08:16:099728----a-w-C:\Windows\System32\Wdfres.dll
2012-12-01 07:41:0887040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-12-01 07:41:08198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-12-01 07:41:0484992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-12-01 07:41:04194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-12-01 07:40:57744448----a-w-C:\Windows\System32\WUDFx.dll
2012-12-01 07:40:5745056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-12-01 07:40:57229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-12-01 00:46:5576232----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\offreg.dll
2012-12-01 00:33:21--------d-----w-C:\Program Files (x86)\DownloadManager
2012-12-01 00:12:2695208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-30 21:25:3033240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-30 21:23:42--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-30 21:23:42--------d-----w-C:\Program Files\iTunes
2012-11-30 21:23:42--------d-----w-C:\Program Files\iPod
2012-11-30 21:23:42--------d-----w-C:\Program Files (x86)\iTunes
2012-11-30 21:22:11--------d-----w-C:\Users\Ben\AppData\Roaming\Malwarebytes
2012-11-30 21:21:56--------d-----w-C:\ProgramData\Malwarebytes
2012-11-30 21:21:5125928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-11-30 21:21:51--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-30 20:26:061659760----a-w-C:\Windows\System32\drivers\ntfs.sys
2012-11-30 20:26:0255296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-11-30 20:26:0244032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-30 20:26:02226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-11-30 20:26:02193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-11-30 20:24:59574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-11-30 20:23:57245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-11-30 20:23:42715776----a-w-C:\Windows\System32\kerberos.dll
2012-11-30 20:23:41542208----a-w-C:\Windows\SysWow64\kerberos.dll
2012-11-30 20:23:0395744----a-w-C:\Windows\System32\synceng.dll
2012-11-30 20:23:0278336----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-30 20:22:3659392----a-w-C:\Windows\System32\browcli.dll
2012-11-30 20:22:3641984----a-w-C:\Windows\SysWow64\browcli.dll
2012-11-30 20:22:36136704----a-w-C:\Windows\System32\browser.dll
2012-11-30 20:22:26503808----a-w-C:\Windows\System32\srcore.dll
2012-11-30 20:22:2543008----a-w-C:\Windows\SysWow64\srclient.dll
2012-11-30 20:22:09956928----a-w-C:\Windows\System32\localspl.dll
2012-11-30 20:22:01751104----a-w-C:\Windows\System32\win32spl.dll
2012-11-30 20:22:0067072----a-w-C:\Windows\splwow64.exe
2012-11-30 20:22:00559104----a-w-C:\Windows\System32\spoolsv.exe
2012-11-30 20:22:00492032----a-w-C:\Windows\SysWow64\win32spl.dll
2012-11-30 20:18:151464320----a-w-C:\Windows\System32\crypt32.dll
2012-11-30 20:18:141159680----a-w-C:\Windows\SysWow64\crypt32.dll
2012-11-30 20:18:13184320----a-w-C:\Windows\System32\cryptsvc.dll
2012-11-30 20:18:13140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2012-11-30 20:18:13140288----a-w-C:\Windows\System32\cryptnet.dll
2012-11-30 20:18:13103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2012-11-30 20:10:049125352----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\mpengine.dll
.
==================== Find3M ====================
.
2012-12-01 00:12:12821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-12-01 00:12:12746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-10-25 03:12:2694208----a-w-C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12:2669632----a-w-C:\Windows\SysWow64\QuickTime.qts
2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:30:20.03 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2010 09:19:21
System Uptime: 01/12/2012 17:03:27 (0 hours ago)
.
Motherboard: Acer | | Aspire 5551
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 155.612 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP63: 14/07/2012 15:50:31 - Windows Update
RP64: 08/08/2012 14:35:34 - Windows Update
RP65: 08/08/2012 14:42:23 - Removed Norton Online Backup
RP66: 08/08/2012 15:08:16 - Removed Safari
RP67: 08/08/2012 15:20:03 - Removed Ad-Aware
RP68: 08/08/2012 15:43:46 - Removed MyWinLocker Suite
RP69: 08/08/2012 15:49:01 - Installed Java(TM) 7 Update 5
RP70: 08/08/2012 15:50:33 - Installed JavaFX 2.1.1
RP71: 09/08/2012 12:08:33 - Windows Update
RP72: 30/11/2012 20:08:14 - Windows Update
RP73: 01/12/2012 00:10:36 - Installed Java 7 Update 9
RP74: 01/12/2012 07:32:12 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.com.
Hosts: 217.23.15.126 google.com.au.
Hosts: 217.23.15.126 www.google.com.au.
Hosts: 217.23.15.126 google.be.
Hosts: 217.23.15.126 www.google.be.
Hosts: 217.23.15.126 google.com.br.
Hosts: 217.23.15.126 www.google.com.br.
Hosts: 217.23.15.126 google.ca.
Hosts: 217.23.15.126 www.google.ca.
Hosts: 217.23.15.126 google.ch.
Hosts: 217.23.15.126 www.google.ch.
Hosts: 217.23.15.126 google.de.
Hosts: 217.23.15.126 www.google.de.
Hosts: 217.23.15.126 google.dk.
Hosts: 217.23.15.126 www.google.dk.
Hosts: 217.23.15.126 google.fr.
Hosts: 217.23.15.126 www.google.fr.
Hosts: 217.23.15.126 google.ie.
Hosts: 217.23.15.126 www.google.ie.
Hosts: 217.23.15.126 google.it.
Hosts: 217.23.15.126 www.google.it.
Hosts: 217.23.15.126 google.co.jp.
Hosts: 217.23.15.126 www.google.co.jp.
Hosts: 217.23.15.126 google.nl.
Hosts: 217.23.15.126 www.google.nl.
Hosts: 217.23.15.126 google.no.
Hosts: 217.23.15.126 www.google.no.
Hosts: 217.23.15.126 google.co.nz.
Hosts: 217.23.15.126 www.google.co.nz.
Hosts: 217.23.15.126 google.pl.
Hosts: 217.23.15.126 www.google.pl.
Hosts: 217.23.15.126 google.se.
Hosts: 217.23.15.126 www.google.se.
Hosts: 217.23.15.126 google.co.uk.
Hosts: 217.23.15.126 www.google.co.uk.
Hosts: 217.23.15.126 google.co.za.
Hosts: 217.23.15.126 www.google.co.za.
Hosts: 217.23.15.126 www.google-analytics.com.
Hosts: 217.23.15.126 www.bing.com.
Hosts: 217.23.15.126 search.yahoo.com.
Hosts: 217.23.15.126 www.search.yahoo.com.
Hosts: 217.23.15.126 uk.search.yahoo.com.
Hosts: 217.23.15.126 ca.search.yahoo.com.
Hosts: 217.23.15.126 de.search.yahoo.com.
Hosts: 217.23.15.126 fr.search.yahoo.com.
Hosts: 217.23.15.126 au.search.yahoo.com.
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.1 MUI
Adobe Shockwave Player 11.6
Amazonia
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Backup Manager Basic
Bonjour
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 2
CyberLink PowerDVD 9
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
Galapago
Google Chrome
Granny In Paradise
Heroes of Hellas
iCloud
Identity Card
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JDownloader 0.9
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
MSVCRT
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Registry Mechanic 10.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Spin & Win
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
 
# AdwCleaner v2.010 - Logfile created 12/01/2012 at 17:34:43
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ben - BEN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Ben\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2941 octets] - [01/12/2012 16:59:28]
AdwCleaner[R2].txt - [3001 octets] - [01/12/2012 16:59:57]
AdwCleaner[R3].txt - [774 octets] - [01/12/2012 17:34:43]
AdwCleaner[S1].txt - [2836 octets] - [01/12/2012 17:01:18]

########## EOF - C:\AdwCleaner[R3].txt - [893 octets] ##########
 
This is the one that opened after the computer restarted:

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 17:36:26
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ben - BEN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Ben\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2941 octets] - [01/12/2012 16:59:28]
AdwCleaner[R2].txt - [3001 octets] - [01/12/2012 16:59:57]
AdwCleaner[R3].txt - [961 octets] - [01/12/2012 17:34:43]
AdwCleaner[S1].txt - [2836 octets] - [01/12/2012 17:01:18]
AdwCleaner[S2].txt - [893 octets] - [01/12/2012 17:36:26]

########## EOF - C:\AdwCleaner[S2].txt - [952 octets] ##########
 
Cool.

ComboFix scan

Please download ComboFix
combofix.gif
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-12-02.01 - Ben 02/12/2012 21:06:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1760 [GMT 0:00]
Running from: c:\users\Ben\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 21:17 . 2012-12-02 21:17--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-01 16:28 . 2012-12-01 16:28--------d-----w-c:\users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2012-12-01 16:28 . 2012-12-01 16:28--------d-----w-c:\program files\SUPERAntiSpyware
2012-12-01 16:28 . 2012-12-01 16:28--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-12-01 08:22 . 2012-12-01 08:22163056----a-w-c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-01 08:16 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-01 08:16 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-12-01 08:16 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-12-01 08:16 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-12-01 07:41 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-12-01 07:41 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-12-01 07:41 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-12-01 07:41 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-12-01 07:40 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-12-01 07:40 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-12-01 07:40 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-12-01 00:46 . 2012-12-01 00:4676232----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\offreg.dll
2012-12-01 00:33 . 2012-12-01 08:34--------d-----w-c:\program files (x86)\DownloadManager
2012-12-01 00:13 . 2012-12-01 00:13--------d-----w-c:\program files (x86)\Common Files\Java
2012-12-01 00:12 . 2012-12-01 00:1295208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-30 21:25 . 2012-08-21 13:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-30 21:23 . 2012-11-30 21:25--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-30 21:23 . 2012-11-30 21:25--------d-----w-c:\program files\iTunes
2012-11-30 21:23 . 2012-11-30 21:25--------d-----w-c:\program files (x86)\iTunes
2012-11-30 21:23 . 2012-11-30 21:23--------d-----w-c:\program files\iPod
2012-11-30 21:22 . 2012-11-30 21:22--------d-----w-c:\users\Ben\AppData\Roaming\Malwarebytes
2012-11-30 21:21 . 2012-11-30 21:21--------d-----w-c:\programdata\Malwarebytes
2012-11-30 21:21 . 2012-12-01 16:52--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-30 21:21 . 2012-09-29 19:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-30 21:14 . 2012-11-30 21:14159744----a-w-c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-30 21:13 . 2012-11-30 21:14--------d-----w-c:\program files (x86)\QuickTime
2012-11-30 20:26 . 2012-08-31 18:191659760----a-w-c:\windows\system32\drivers\ntfs.sys
2012-11-30 20:26 . 2012-10-09 18:1755296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-11-30 20:26 . 2012-10-09 18:17226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-11-30 20:26 . 2012-10-09 17:4044032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-30 20:26 . 2012-10-09 17:40193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-11-30 20:24 . 2012-08-02 17:58574464----a-w-c:\windows\system32\d3d10level9.dll
2012-11-30 20:23 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
2012-11-30 20:23 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2012-11-30 20:23 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2012-11-30 20:23 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-30 20:23 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-30 20:22 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2012-11-30 20:22 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2012-11-30 20:22 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2012-11-30 20:22 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2012-11-30 20:22 . 2012-05-05 08:36503808----a-w-c:\windows\system32\srcore.dll
2012-11-30 20:22 . 2012-05-05 07:4643008----a-w-c:\windows\SysWow64\srclient.dll
2012-11-30 20:22 . 2012-05-14 05:26956928----a-w-c:\windows\system32\localspl.dll
2012-11-30 20:22 . 2012-02-11 06:43751104----a-w-c:\windows\system32\win32spl.dll
2012-11-30 20:22 . 2012-02-11 06:36559104----a-w-c:\windows\system32\spoolsv.exe
2012-11-30 20:22 . 2012-02-11 06:3667072----a-w-c:\windows\splwow64.exe
2012-11-30 20:22 . 2012-02-11 05:43492032----a-w-c:\windows\SysWow64\win32spl.dll
2012-11-30 20:18 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2012-11-30 20:18 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2012-11-30 20:18 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2012-11-30 20:18 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2012-11-30 20:18 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-11-30 20:18 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-11-30 20:10 . 2012-11-19 01:019125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 00:12 . 2012-08-08 14:50746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-12-01 00:12 . 2012-08-08 14:50821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-10-29 21:04 . 2011-12-26 21:1066395536----a-w-c:\windows\system32\MRT.exe
2012-10-25 03:12 . 2012-10-25 03:1294208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:1269632----a-w-c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-30 20:22135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-30 20:22350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-30 20:22561664----a-w-c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-29 202752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-11 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-20 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854881093-1891650897-3381262075-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 14:02]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854881093-1891650897-3381262075-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 14:02]
.
2012-12-02 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-08-20 09:02]
.
2012-12-02 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 1611a78d-bbca-4470-aecd-cac6d2be45e3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-12-01 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 36f5f7c3-bd92-47fb-96ab-5d146151f58c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-02 21:20:59
ComboFix-quarantined-files.txt 2012-12-02 21:20
.
Pre-Run: 165,752,238,080 bytes free
Post-Run: 165,486,837,760 bytes free
.
- - End Of File - - DFDAE7229F1859011A4B8DBEB17B787D
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Ben at 20:23:36 on 2012-12-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1553 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2237919F-D6ED-498A-82C9-49B63A8DE1BD} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{AA5AF962-8B4F-4618-A3CA-48EBEE1F4739}\47865686966756 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5551&r=27361210w115l0434z1k5t4632k54q
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-8-8 27760]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-5 202752]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-8-8 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-8-8 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-8-8 98848]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-5-5 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-6-1 867360]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-30 399432]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-8-20 632792]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-19 1153368]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-5-5 243232]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-5 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-30 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-1 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-30 676936]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-5 239136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
.
=============== Created Last 30 ================
.
2012-12-03 07:12:02--------d-sh--w-C:\$RECYCLE.BIN
2012-12-02 21:04:1098816----a-w-C:\Windows\sed.exe
2012-12-02 21:04:10256000----a-w-C:\Windows\PEV.exe
2012-12-02 21:04:10208896----a-w-C:\Windows\MBR.exe
2012-12-01 16:28:15--------d-----w-C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2012-12-01 16:28:06--------d-----w-C:\ProgramData\SUPERAntiSpyware.com
2012-12-01 16:28:06--------d-----w-C:\Program Files\SUPERAntiSpyware
2012-12-01 08:22:20163056----a-w-C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-12-01 08:16:122560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-01 08:16:10785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
2012-12-01 08:16:1054376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
2012-12-01 08:16:099728----a-w-C:\Windows\System32\Wdfres.dll
2012-12-01 07:41:0887040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
2012-12-01 07:41:08198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
2012-12-01 07:41:0484992----a-w-C:\Windows\System32\WUDFSvc.dll
2012-12-01 07:41:04194048----a-w-C:\Windows\System32\WUDFPlatform.dll
2012-12-01 07:40:57744448----a-w-C:\Windows\System32\WUDFx.dll
2012-12-01 07:40:5745056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
2012-12-01 07:40:57229888----a-w-C:\Windows\System32\WUDFHost.exe
2012-12-01 00:46:5576232----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\offreg.dll
2012-12-01 00:33:21--------d-----w-C:\Program Files (x86)\DownloadManager
2012-12-01 00:12:2695208----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-30 21:25:3033240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-30 21:23:42--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-30 21:23:42--------d-----w-C:\Program Files\iTunes
2012-11-30 21:23:42--------d-----w-C:\Program Files\iPod
2012-11-30 21:23:42--------d-----w-C:\Program Files (x86)\iTunes
2012-11-30 21:22:11--------d-----w-C:\Users\Ben\AppData\Roaming\Malwarebytes
2012-11-30 21:21:56--------d-----w-C:\ProgramData\Malwarebytes
2012-11-30 21:21:5125928----a-w-C:\Windows\System32\drivers\mbam.sys
2012-11-30 21:21:51--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-30 21:14:31159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-30 21:14:30159744----a-w-C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-30 20:26:061659760----a-w-C:\Windows\System32\drivers\ntfs.sys
2012-11-30 20:26:0255296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-11-30 20:26:0244032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-30 20:26:02226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-11-30 20:26:02193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-11-30 20:24:59574464----a-w-C:\Windows\System32\d3d10level9.dll
2012-11-30 20:23:57245760----a-w-C:\Windows\System32\OxpsConverter.exe
2012-11-30 20:23:42715776----a-w-C:\Windows\System32\kerberos.dll
2012-11-30 20:23:41542208----a-w-C:\Windows\SysWow64\kerberos.dll
2012-11-30 20:23:0395744----a-w-C:\Windows\System32\synceng.dll
2012-11-30 20:23:0278336----a-w-C:\Windows\SysWow64\synceng.dll
2012-11-30 20:22:3659392----a-w-C:\Windows\System32\browcli.dll
2012-11-30 20:22:3641984----a-w-C:\Windows\SysWow64\browcli.dll
2012-11-30 20:22:36136704----a-w-C:\Windows\System32\browser.dll
2012-11-30 20:22:26503808----a-w-C:\Windows\System32\srcore.dll
2012-11-30 20:22:2543008----a-w-C:\Windows\SysWow64\srclient.dll
2012-11-30 20:22:09956928----a-w-C:\Windows\System32\localspl.dll
2012-11-30 20:22:01751104----a-w-C:\Windows\System32\win32spl.dll
2012-11-30 20:22:0067072----a-w-C:\Windows\splwow64.exe
2012-11-30 20:22:00559104----a-w-C:\Windows\System32\spoolsv.exe
2012-11-30 20:22:00492032----a-w-C:\Windows\SysWow64\win32spl.dll
2012-11-30 20:18:151464320----a-w-C:\Windows\System32\crypt32.dll
2012-11-30 20:18:141159680----a-w-C:\Windows\SysWow64\crypt32.dll
2012-11-30 20:18:13184320----a-w-C:\Windows\System32\cryptsvc.dll
2012-11-30 20:18:13140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
2012-11-30 20:18:13140288----a-w-C:\Windows\System32\cryptnet.dll
2012-11-30 20:18:13103936----a-w-C:\Windows\SysWow64\cryptnet.dll
2012-11-30 20:10:049125352----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F17B13FB-DEFC-4F77-9B9A-FA2CD3278C0A}\mpengine.dll
.
==================== Find3M ====================
.
2012-12-01 00:12:12821736----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2012-12-01 00:12:12746984----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-10-25 03:12:2694208----a-w-C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12:2669632----a-w-C:\Windows\SysWow64\QuickTime.qts
2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
2012-10-16 08:38:37135168----a-w-C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34350208----a-w-C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52561664----a-w-C:\Windows\apppatch\AcLayers.dll
2012-10-08 11:31:032312704----a-w-C:\Windows\System32\jscript9.dll
2012-10-08 11:23:521392128----a-w-C:\Windows\System32\wininet.dll
2012-10-08 11:22:551494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35599040----a-w-C:\Windows\System32\vbscript.dll
2012-10-08 11:13:332382848----a-w-C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:241800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:031129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:441427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:562382848----a-w-C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 20:26:37.94 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2010 09:19:21
System Uptime: 03/12/2012 20:19:26 (0 hours ago)
.
Motherboard: Acer | | Aspire 5551
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 154.184 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP63: 14/07/2012 15:50:31 - Windows Update
RP64: 08/08/2012 14:35:34 - Windows Update
RP65: 08/08/2012 14:42:23 - Removed Norton Online Backup
RP66: 08/08/2012 15:08:16 - Removed Safari
RP67: 08/08/2012 15:20:03 - Removed Ad-Aware
RP68: 08/08/2012 15:43:46 - Removed MyWinLocker Suite
RP69: 08/08/2012 15:49:01 - Installed Java(TM) 7 Update 5
RP70: 08/08/2012 15:50:33 - Installed JavaFX 2.1.1
RP71: 09/08/2012 12:08:33 - Windows Update
RP72: 30/11/2012 20:08:14 - Windows Update
RP73: 01/12/2012 00:10:36 - Installed Java 7 Update 9
RP74: 01/12/2012 07:32:12 - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.1 MUI
Adobe Shockwave Player 11.6
Amazonia
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Backup Manager Basic
Bonjour
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 2
CyberLink PowerDVD 9
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
Galapago
Google Chrome
Granny In Paradise
Heroes of Hellas
iCloud
Identity Card
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JDownloader 0.9
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
MSVCRT
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Registry Mechanic 10.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Spin & Win
Spybot - Search & Destroy
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
30/11/2012 23:54:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
30/11/2012 21:18:48, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/11/2012 21:17:20, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
30/11/2012 16:47:31, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
30/11/2012 16:47:31, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The pipe has been ended.
30/11/2012 16:47:31, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
30/11/2012 16:47:18, Error: Service Control Manager [7023] - The Server service terminated with the following error: A specified authentication package is unknown.
30/11/2012 16:47:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
30/11/2012 16:31:26, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
30/11/2012 16:31:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
30/11/2012 16:31:11, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/12/2012 20:19:49, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
03/12/2012 17:32:40, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
02/12/2012 21:17:07, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/12/2012 21:16:05, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
02/12/2012 17:58:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
01/12/2012 17:41:22, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
Hi, this is the only thing that came up. I clicked on the uninstall thing:

C:\Users\Ben\Downloads\DownloadManagerSetup.exea variant of Win32/InstallCore.AZ application

There are no other problems with computer just can't search for anything on search engines.
 
Sorry the search engines appear to be working now! I can now access google. Thank you so much for your help.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Status
Not open for further replies.
Back