Hi,
I'm running Windows 7, and I seem to have been infected by the MoneyPak virus. Upon startup, I get a fullscreen message that I can't resize, telling me to send money somewhere through MoneyPak. My original administrator account is basically unusable, but I managed to get to the safe mode command prompt and create a new administrator, from which I deleted the startup entry created by the virus, but I don't know where to go from there. I've run Malwarebytes Anti-Malware and DDS as the new administrator, and am posting the results. For reference, the new admin I created is named "iiii".
Any help would be appreciated, thanks.
Here is the log from the Malwarebytes quick scan:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.13.05
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
iiii :: LEIKA [administrator]
8/14/2013 1:35:46 AM
mbam-log-2013-08-14 (01-35-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240438
Time elapsed: 6 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Here is DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by iiii at 17:22:09 on 2013-08-14
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\BisonCam\BsMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BsMnt] c:\windows\bisoncam\BsMnt.exe
mRun: [Google Japanese Input Prelauncher] "c:\program files\google\google japanese input\GoogleIMEJaBroker32.exe" --mode=prelaunch_processes
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{16AC8225-EC00-4C45-8E82-B872A9C8018C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944} : NameServer = 8.8.8.8
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944}\36D61627765756C6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944}\3786966716 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944}\3796D6F6E6 : NameServer = 8.8.8.8
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944}\3796D6F6E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{361D00B7-897A-4844-B381-BE16946FC944}\477616277683338383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F504D8B7-E03A-423B-9565-1AF9130184D4} : NameServer = 10.198.220.124 202.126.40.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\iiii\appdata\roaming\mozilla\firefox\profiles\wtvfatd3.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? chromoting;Chrome Remote Desktop Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? ewusbnet;HUAWEI USB-NDIS miniport
R? Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver
R? SwitchBoard;SwitchBoard
R? TabletServiceWacom;TabletServiceWacom
S? AirDisplay;Air Display Support
S? AirDisplayMirror;Air Display Mirror Support
S? ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver
S? GoogleIMEJaCacheService;Google Japanese Input Cache Service
S? huawei_enumerator;huawei_enumerator
S? HWDeviceService.exe;HWDeviceService.exe
S? MBAMSwissArmy;MBAMSwissArmy
S? netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? nod32drv;nod32drv
S? NOD32krn;NOD32 Kernel Service
.
=============== Created Last 30 ================
.
2013-08-14 09:16:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-14 09:11:19 -------- d-----w- c:\users\iiii\appdata\local\Mozilla
2013-08-13 19:34:27 7143960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{15111f9d-3f88-4acb-844a-15a3ac935287}\mpengine.dll
2013-08-13 17:32:06 -------- d-----w- c:\users\iiii\appdata\roaming\Malwarebytes
2013-08-13 17:31:54 -------- d-----w- c:\programdata\Malwarebytes
2013-08-13 17:31:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-13 17:31:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-13 17:31:42 -------- d-----w- c:\users\iiii\appdata\local\Programs
2013-08-13 17:30:06 -------- d-----w- c:\users\iiii\appdata\roaming\Intel Corporation
2013-08-06 11:30:09 92056 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-08-06 11:29:59 640296 ----a-w- c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
2013-08-06 11:29:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-08-06 11:29:58 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-08-06 11:29:55 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-08-06 11:29:54 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-08-06 11:29:54 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-08-06 10:49:19 13824 ----a-w- c:\windows\system32\slwga.dll
.
==================== Find3M ====================
.
2013-08-06 10:49:19 409088 ----a-w- c:\windows\system32\systemcplx86.dll
.
============= FINISH: 17:23:27.79 ===============
Lastly, here is attach.txt
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 9.15 beta
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.5
Air Display Support
Anki
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec TrueSuite
Bonjour
CCleaner
CD-R KING OptiSlim 2400+
CDisplay 1.8
Chrome Remote Desktop Host
Combined Community Codec Pack 2009-09-09
Digsby
Emacs 23.1.50.1 and EmacsW32 1.58 (distribution ID: CvsP091103)
Facebook Video Calling 1.2.0.287
foobar2000 v1.1
Foxit Reader
GHC 6.12.3
Git version 1.7.6-preview20110708
Globe Tattoo Broadband
Go Programming Language 386 go1.0.1
Google ?????
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
GTK2-Runtime
GUIOctave 1.6.0
HD Tune 2.55
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
IntelliJ IDEA 12.0.1
iPhoneBrowser
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 21
Java(TM) SE Development Kit 6 Update 23
Launchy 2.5
Malwarebytes Anti-Malware version 1.75.0.1300
Mercurial 1.9
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Game Studio 3.1
Microsoft XNA Game Studio 3.1 (ARP entry)
Microsoft XNA Game Studio 3.1 (Platformer)
Microsoft XNA Game Studio 3.1 (Redists)
Microsoft XNA Game Studio 3.1 (Shared Components)
Microsoft XNA Game Studio 3.1 (VCSExpress)
Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
Microsoft XNA Game Studio 3.1 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiKTeX 2.8
MinGW-Get version 0.3-alpha-1
MotioninJoy ds3 driver version 0.5.0000
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
NOD32 antivirus system
NOD32 FiX v2.1
NUnit 2.5.8
Opera 12.16
PDF Settings CS5
QuickTime
Skype Toolbars
Skype™ 4.2
Speccy
Sublime Text 2.0.1
Sublime Text Build 3047
UltraStar 0.8.3
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Wacom Tablet
WebEx
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Media Player Firefox Plugin
XChat 2 (remove only)
YNAB 4 version 4.3.196
.
==== End Of File ===========================