Hi guys,
As per your instructions:
MBAM log
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.04.08
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Michael :: MICHAEL-PC [administrator]
5/12/2012 12:57:25 AM
mbam-log-2012-12-05 (00-57-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277634
Time elapsed: 4 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\Michael\AppData\Local\qjxavwgy\yppmgwpp.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Attach.txt log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/07/2009 3:40:54 AM
System Uptime: 5/12/2012 1:04:12 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0W497D
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2533/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 18.136 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.219 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0007
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #7
PNP Device ID: ROOT\*ISATAP\0007
Service: tunnel
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description:
Device ID: ROOT\IMAGE\0001
Manufacturer: Creative Technology Ltd.
Name: Creative Live! Camera
PNP Device ID: ROOT\IMAGE\0001
Service:
.
==== System Restore Points ===================
.
RP423: 4/12/2012 1:11:22 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.65
A-PDF Restrictions Remover 1.6
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced Audio FX Engine
Akamai NetSession Interface
Akamai NetSession Interface Service
Any Video Converter 3.1.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASDIP 4.1.0
ATI Catalyst Control Center
AVI ReComp 1.5.0
AviSynth 2.5
AVS Document Converter 2.0.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
AZImage 2.5.1.0
B-LINE for Windows
BadCopy Pro
Bigasoft iPod Transfer 1.5.15.4023
Bonjour
calibre
Canon MG6100 series MP Drivers
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.11
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan LiDE 210 Scanner Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic
Crane Demo
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Digital Photo Navigator 1.5
Document Express DjVu Plug-in
Driver Robot
Easy CD-DA Extractor 15
Easy CD-DA Extractor 2011
Everio MediaBrowser HD Edition
Exact Audio Copy 1.0beta3
FastAccess
FaxAmatic
FileZilla Client 3.5.3
FLOW-3D 10.0.1
foobar2000 v1.1.18
FormatFactory 2.60
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
HL-2270DW
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP-MPI 1.1
ImgBurn
ImTOO iPhone Transfer Platinum
Integrated Webcam Driver (1.06.03.0309)
Internet Download Manager
ISO Recorder
ITECIR Driver
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
Learn Chinese 2008 6.1
Limcon V3
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.65.1.1000
Medieval CUE Splitter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Monkey's Audio
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Navman NavDesk 2008
NewsBin Pro
Nitro Pro 7
Nitro Pro 8
PowerDVD
PowerISO
QuickSet
QuickStores-Toolbar 1.1.0
QuickTime
Real Alternative 2.0.2
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Section Builder 8
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sentinel Protection Installer 7.6.1
Sentinel System Driver
Sizer 3.34
Skins
Skype Toolbars
Skype™ 5.1
SolveigMM AVI Trimmer
Sound Blaster X-Fi MB
SumatraPDF
The KMPlayer (remove only)
TitanLM
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
tools-windows
Universal Document Converter (Demo)
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VBA (2720)
VietOCR3.NET
VIPRE Antivirus Premium
Visual C++ 2008 x86 Runtime - (v9.0.30729.4967)
Visual C++ 2008 x86 Runtime - v9.0.30729.4967
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.9
VMware Player
VMwarePlayer_x86
VobSub 2.23
Vodafone Mobile Connect Lite
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xilisoft Audio Maker
Xvid 1.2.2
.
==== End Of File ===========================
and dds log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Michael at 1:06:02 on 2012-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3036.1837 [GMT 8:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sensible Vision\Fast Access\FASecFacX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Sensible Vision\Fast Access\FAService.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
mWinlogon: Userinit = userinit.exe,,c:\users\michael\appdata\local\qjxavwgy\yppmgwpp.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\program files\sensible vision\fast access\FAIESSO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
uRun: [Akamai NetSession Interface] "c:\users\michael\appdata\local\akamai\netsession_win.exe"
uRun: [YppMgwpp] c:\users\michael\appdata\local\qjxavwgy\yppmgwpp.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [FAStartup] <no file>
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Download with ImTOO iPhone Transfer Platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: Download with iphone-transfer-platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: Interfaces\{5992EEE3-B44D-4DEE-B664-3E499B7C733F} : DHCPNameServer = 203.21.112.40 202.81.67.132
TCP: Interfaces\{75B2985B-3C72-42E1-B639-B6445B4415B4} : DHCPNameServer = 10.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Notification Packages = scecli FAPassSync
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8f5b8c32-7fea-4664-8705-00fd9e15844d%7D&mid=c2e66f00971347d0aa85200f89d047d7-6fba2f3aa6da7b384e30f188008b11f5f811bdce&ds=st011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-19%2001%3A42%3A28&sap=ku&q=
FF - component: c:\users\michael\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - ExtSQL: 2012-10-20 11:03; googledictionary@toptip.ca; c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\extensions\googledictionary@toptip.ca.xpi
FF - ExtSQL: 2012-11-19 17:14; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: !HIDDEN! 2009-07-13 16:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2012-7-6 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-11 61296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-15 233024]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-6-18 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-7-19 202928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-3 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 180224]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-19 155648]
R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2008-9-6 2340096]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-11-21 100216]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-4-12 175624]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-10-23 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-4-12 69640]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-8-1 719512]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-11-23 245760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-3 144128]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-3 230912]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2009-7-3 44288]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-3 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-7-3 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-7-19 69208]
S2 TitanLM;TitanLM;c:\program files\titanlm\titanLM.exe [2011-2-3 326656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-3 29736]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-3 79360]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-23 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-7-23 100736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-4 22856]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-11 21744]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2009-7-19 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-6-18 94040]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-7-3 79360]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: Applications\wordpad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-04 07:03:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-04 02:53:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 02:53:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Musue
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Ivzaqa
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Ewzyn
2012-11-29 12:03:26 -------- d-----w- c:\users\michael\appdata\roaming\foobar2000
2012-11-29 12:03:17 -------- d-----w- c:\program files\foobar2000
2012-11-27 07:29:19 -------- d-----w- c:\users\michael\appdata\roaming\FFSJ
2012-11-23 08:53:41 -------- d-----w- C:\Brother
2012-11-23 08:53:32 -------- d-----w- c:\program files\Browny02
2012-11-23 08:53:26 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-11-23 08:53:26 217088 ------w- c:\windows\system32\NSSearch.dll
2012-11-23 08:53:25 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-11-23 08:53:25 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-11-23 08:53:25 -------- d-----w- c:\program files\Brother
2012-11-21 13:02:36 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-20 06:38:28 -------- d-----w- c:\programdata\Windows
.
==================== Find3M ====================
.
2012-10-23 05:51:36 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-10-01 05:05:41 4779592 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-05-25 01:09:07 3993600 ----a-w- c:\program files\GUT23C6.tmp
2009-07-10 04:39:00 350720 ----a-w- c:\program files\hjsplit.exe
.
============= FINISH: 1:07:59.16 ===============
Thanks in advance, I can't cope with these problems.
Even though all (6?) threats are removed by MBAM, they do re-appear after the computer is rebooted.
HP-MPI 1.1
ImgBurn
ImTOO iPhone Transfer Platinum
Integrated Webcam Driver (1.06.03.0309)
Internet Download Manager
ISO Recorder
ITECIR Driver
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
Learn Chinese 2008 6.1
Limcon V3
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.65.1.1000
Medieval CUE Splitter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Monkey's Audio
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Navman NavDesk 2008
NewsBin Pro
Nitro Pro 7
Nitro Pro 8
PowerDVD
PowerISO
QuickSet
QuickStores-Toolbar 1.1.0
QuickTime
Real Alternative 2.0.2
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Section Builder 8
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sentinel Protection Installer 7.6.1
Sentinel System Driver
Sizer 3.34
Skins
Skype Toolbars
Skype™ 5.1
SolveigMM AVI Trimmer
Sound Blaster X-Fi MB
SumatraPDF
The KMPlayer (remove only)
TitanLM
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
tools-windows
Universal Document Converter (Demo)
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VBA (2720)
VietOCR3.NET
VIPRE Antivirus Premium
Visual C++ 2008 x86 Runtime - (v9.0.30729.4967)
Visual C++ 2008 x86 Runtime - v9.0.30729.4967
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.9
VMware Player
VMwarePlayer_x86
VobSub 2.23
Vodafone Mobile Connect Lite
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xilisoft Audio Maker
Xvid 1.2.2
.
==== End Of File ===========================
And DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by Michael at 1:06:02 on 2012-12-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3036.1837 [GMT 8:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Enabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sensible Vision\Fast Access\FASecFacX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Sensible Vision\Fast Access\FAService.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/advanced_search?hl=en
mWinlogon: Userinit = userinit.exe,,c:\users\michael\appdata\local\qjxavwgy\yppmgwpp.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\program files\sensible vision\fast access\FAIESSO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
uRun: [Akamai NetSession Interface] "c:\users\michael\appdata\local\akamai\netsession_win.exe"
uRun: [YppMgwpp] c:\users\michael\appdata\local\qjxavwgy\yppmgwpp.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [FAStartup] <no file>
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Download with ImTOO iPhone Transfer Platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: Download with iphone-transfer-platinum - c:\program files\imtoo\iphone transfer platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: Interfaces\{5992EEE3-B44D-4DEE-B664-3E499B7C733F} : DHCPNameServer = 203.21.112.40 202.81.67.132
TCP: Interfaces\{75B2985B-3C72-42E1-B639-B6445B4415B4} : DHCPNameServer = 10.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: FastAccess - c:\program files\sensible vision\fast access\FALogNot.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Notification Packages = scecli FAPassSync
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8f5b8c32-7fea-4664-8705-00fd9e15844d%7D&mid=c2e66f00971347d0aa85200f89d047d7-6fba2f3aa6da7b384e30f188008b11f5f811bdce&ds=st011&v=11.0.0.9&lang=en&pr=sa&d=2012-05-19%2001%3A42%3A28&sap=ku&q=
FF - component: c:\users\michael\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - ExtSQL: 2012-10-20 11:03; googledictionary@toptip.ca; c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\extensions\googledictionary@toptip.ca.xpi
FF - ExtSQL: 2012-11-19 17:14; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\michael\appdata\roaming\mozilla\firefox\profiles\e63092ix.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: !HIDDEN! 2009-07-13 16:31; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2012-7-6 71152]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-11 61296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-15 233024]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-6-18 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-7-19 202928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-3 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 180224]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-19 155648]
R2 FAService;FAService;c:\program files\sensible vision\fast access\FAService.exe [2008-9-6 2340096]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-11-21 100216]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-4-12 175624]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-10-23 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-4-12 69640]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-8-1 719512]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-11-23 245760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-3 144128]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-8-3 230912]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2009-7-3 44288]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-3 203264]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-7-3 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-7-19 69208]
S2 TitanLM;TitanLM;c:\program files\titanlm\titanLM.exe [2011-2-3 326656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-7-3 29736]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-7-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-3 79360]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-23 112128]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-7-23 100736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-4 22856]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-11 21744]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2009-7-19 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-6-18 94040]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-7-3 79360]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: Applications\wordpad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-04 07:03:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-04 02:53:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 02:53:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Musue
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Ivzaqa
2012-12-03 14:34:03 -------- d-----w- c:\users\michael\appdata\roaming\Ewzyn
2012-11-29 12:03:26 -------- d-----w- c:\users\michael\appdata\roaming\foobar2000
2012-11-29 12:03:17 -------- d-----w- c:\program files\foobar2000
2012-11-27 07:29:19 -------- d-----w- c:\users\michael\appdata\roaming\FFSJ
2012-11-23 08:53:41 -------- d-----w- C:\Brother
2012-11-23 08:53:32 -------- d-----w- c:\program files\Browny02
2012-11-23 08:53:26 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-11-23 08:53:26 217088 ------w- c:\windows\system32\NSSearch.dll
2012-11-23 08:53:25 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-11-23 08:53:25 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-11-23 08:53:25 -------- d-----w- c:\program files\Brother
2012-11-21 13:02:36 100216 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-20 06:38:28 -------- d-----w- c:\programdata\Windows
.
==================== Find3M ====================
.
2012-10-23 05:51:36 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-10-01 05:05:41 4779592 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-05-25 01:09:07 3993600 ----a-w- c:\program files\GUT23C6.tmp
2009-07-10 04:39:00 350720 ----a-w- c:\program files\hjsplit.exe
.
============= FINISH: 1:07:59.16 ===============
Thanks in advance, I can't cope with these problems.
Even though all (6?) threats are removed by MBAM, they do re-appear after the computer is rebooted.