Inactive Plagued; an up-hill battle with an unknown number of foes

Status
Not open for further replies.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
main :: C3ENIGMA [administrator]

11/17/2012 8:35:54 PM
mbam-log-2012-11-17 (20-35-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495898
Time elapsed: 23 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_31
Run by main at 21:14:37 on 2012-11-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2E67F1BB-FCF7-41D4-B26C-4F260D9C8A2F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F378AB2E-D8A9-421B-A315-FC80F1ED3D71} : NameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\t1qy4gsk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Joystick Plugin\npjoystick.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npjoystick.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R? AtiDCM;AtiDCM
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dmvsc;dmvsc
R? MBAMProtector;MBAMProtector
R? MBAMService;MBAMService
R? MSICDSetup;MSICDSetup
R? pbfilter;pbfilter
R? Roxio UPnP Renderer 11;Roxio UPnP Renderer 11
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AMD FUEL Service;AMD FUEL Service
S? amdide64;amdide64
S? amdiox64;AMD IO Driver
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? MBAMScheduler;MBAMScheduler
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? RichVideo64;Cyberlink RichVideo64 Service(CRVS)
S? RTL8167;Realtek 8167 NT Driver
S? SBSDWSCService;SBSD Security Center Service
S? usbfilter;AMD USB Filter Driver
S? WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer
.
=============== Created Last 30 ================
.
2012-11-18 00:41:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-11-18 00:41:00 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-18 00:41:00 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-11-18 00:37:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-18 00:37:25 917984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-11-17 22:05:30 -------- d-sh--r- C:\bootwiz
2012-11-17 21:37:06 96224 ----a-w- C:\nssdbm3_2.dll
2012-11-17 21:22:21 816608 ----a-w- C:\mozsqlite3_4.dll
2012-11-17 21:20:16 9113 ----a-w- C:\D887Dd01
2012-11-17 21:20:16 12100 ----a-w- C:\26013d01
2012-11-17 21:20:16 11867 ----a-w- C:\502DEd01
2012-11-17 21:20:16 10657 ----a-w- C:\2467Ad01
2012-11-17 21:20:15 13102 ----a-w- C:\D8A2Cd01
2012-11-17 21:19:42 10648 ----a-w- C:\6722Cd01
2012-11-17 20:46:13 36570 ----a-w- C:\A1355d01
2012-11-17 19:08:15 43393 ----a-w- C:\378BBd01
2012-11-17 19:04:21 15685 ----a-w- C:\07567d01
2012-11-17 03:03:58 10688 ----a-w- C:\0230[1]_1.kmz
2012-11-16 20:10:42 114688 ----a-w- C:\~DF117757AB3F17CDC3.TMP
2012-11-16 19:55:40 114688 ----a-w- C:\~DFC22F4BFAEBBFFCAE.TMP
2012-11-16 06:26:39 114688 ----a-w- C:\~DF0CD2BA876DB59115.TMP
2012-11-16 06:11:37 114688 ----a-w- C:\~DF97A39E39178DAAD5.TMP
2012-11-16 05:56:34 114688 ----a-w- C:\~DFEE9B70DC1BB137B5.TMP
2012-11-16 05:30:30 13400986 ----a-w- C:\fla35BB.tmp
2012-11-16 04:44:43 19670 ----a-w- C:\969252ce11249fdd.customDestinations-ms~RF29575394.TMP
2012-11-16 04:25:27 114688 ----a-w- C:\~DFD2670CA30546D7CD.TMP
2012-11-16 04:00:10 150732 ----a-w- C:\5DBD0d01
2012-11-16 03:55:18 938 ----a-w- C:\F4C4Em01
2012-11-16 03:52:58 5637 ----a-w- C:\655AFd01
2012-11-16 03:52:08 5555 ----a-w- C:\D2EECd01_1
2012-11-16 03:38:09 114688 ----a-w- C:\~DF9A6227E29C65AFF5.TMP
2012-11-16 03:23:07 114688 ----a-w- C:\~DFFC1A26072C6F0A15.TMP
2012-11-16 02:30:56 3642 ----a-w- C:\74d7f43c1561fc1e.customDestinations-ms~RFf9ff6.TMP
2012-11-16 01:48:48 9659 ----a-w- C:\E437Cd01
2012-11-16 00:33:48 305478 ----a-w- C:\309D3d01
2012-11-15 23:54:06 -------- d-----w- C:\Users\main\AppData\Roaming\System
2012-11-15 23:54:00 87552 ----a-w- C:\0.1103411556380407
2012-11-15 23:35:26 13723 ----a-w- C:\3D907d01
2012-11-15 23:05:38 114688 ----a-w- C:\~DF965E1949AC82BFFA.TMP
2012-11-15 22:20:00 114688 ----a-w- C:\~DF89E989F98975ACD8.TMP
2012-11-15 21:32:59 312178 ----a-w- C:\00E61d01
2012-11-15 21:15:42 114688 ----a-w- C:\~DF2EA57873294291B2.TMP
2012-11-15 21:00:41 114688 ----a-w- C:\~DFBCBE61F3602A0B03.TMP
2012-11-15 20:15:24 114688 ----a-w- C:\~DFA8F817D91D29DCC9.TMP
2012-11-15 19:47:24 39220 ----a-w- C:\FA5DBd01
2012-11-15 19:26:08 317412 ----a-w- C:\1DF43d01
2012-11-15 19:17:16 114688 ----a-w- C:\~DF97A3BB1DC58922C1.TMP
2012-11-15 17:58:27 114688 ----a-w- C:\~DF768ED986A7536566.TMP
2012-11-15 01:11:02 114688 ----a-w- C:\~DF8D48529BBD65EA93.TMP
2012-11-14 23:13:08 114688 ----a-w- C:\~DF78E1066D1EDAF118.TMP
2012-11-14 21:05:53 114688 ----a-w- C:\~DF8292E79C4678666C.TMP
2012-11-14 20:36:16 114688 ----a-w- C:\~DFD90BF559106D2D18.TMP
2012-11-14 16:49:11 114688 ----a-w- C:\~DF9478C783943EF0BB.TMP
2012-11-14 15:42:25 12787 ----a-w- C:\110ECd01
2012-11-14 05:49:16 114688 ----a-w- C:\~DF26F0AE7569F33938.TMP
2012-11-14 05:10:15 306935 ----a-w- C:\76113d01
2012-11-14 00:54:17 114688 ----a-w- C:\~DFCD2899453403089D.TMP
2012-11-14 00:39:15 114688 ----a-w- C:\~DF7A9FF13DAD398BC6.TMP
2012-11-14 00:01:42 100000 ----a-w- C:\052A4d01
2012-11-13 22:20:16 114688 ----a-w- C:\~DF0BC056FD3E940765.TMP
2012-11-13 22:05:13 114688 ----a-w- C:\~DF28AD56753C5F433D.TMP
2012-11-13 17:25:55 2279 ----a-w- C:\9D6BEm01
2012-11-13 16:45:14 114688 ----a-w- C:\~DF498EC8C7E67A7BCB.TMP
2012-11-13 16:35:40 122350 ----a-w- C:\48725d01
2012-11-13 16:30:12 114688 ----a-w- C:\~DF0BC58E82520CBF8C.TMP
2012-11-13 07:22:39 6188 ----a-w- C:\7B280d01_1
2012-11-13 01:36:01 114688 ----a-w- C:\~DF31A6BBC6103EB26B.TMP
2012-11-13 01:08:11 114688 ----a-w- C:\~DF6610662BA6C5864A.TMP
2012-11-12 21:27:23 114688 ----a-w- C:\~DF740EDB83F307E862.TMP
2012-11-12 21:12:20 114688 ----a-w- C:\~DF356C3F006619831B.TMP
2012-11-12 21:10:45 2469 ----a-w- C:\E190Cd01
2012-11-12 19:51:22 114688 ----a-w- C:\~DFB7E4F7B71746B9D2.TMP
2012-11-12 19:49:56 2109 ----a-w- C:\FA24Bd01_2
2012-11-12 19:29:57 17745 ----a-w- C:\CB2D4d01
2012-11-12 19:29:05 812 ----a-w- C:\614C2d01
2012-11-12 19:28:41 9805 ----a-w- C:\B1900d01
2012-11-12 19:28:11 4997 ----a-w- C:\80E4Dm01
2012-11-12 19:25:22 8649 ----a-w- C:\40163d01
2012-11-12 19:25:00 9233 ----a-w- C:\4194Ed01
2012-11-12 19:24:51 4998 ----a-w- C:\3B335m01
2012-11-12 19:24:50 5116 ----a-w- C:\355C8m01
2012-11-12 19:18:36 1182 ----a-w- C:\A9B34d01
2012-11-12 18:12:48 13266 ----a-w- C:\0F222d01
2012-11-11 19:56:45 114688 ----a-w- C:\~DF3A5B7E10CF66A085.TMP
2012-11-11 19:41:43 114688 ----a-w- C:\~DF9C9ACBC493BC28B1.TMP
2012-11-11 17:47:57 114688 ----a-w- C:\~DFD3CEC2E447D65829.TMP
2012-11-11 15:03:23 2277 ----a-w- C:\B87F8m01
2012-11-11 12:31:48 1182 ----a-w- C:\A39D1d01
2012-11-11 02:49:11 114688 ----a-w- C:\~DF95421B1F220FC477.TMP
2012-11-11 00:28:14 56496 ----a-w- C:\BEAFCd01
2012-11-10 22:48:36 114688 ----a-w- C:\~DF0EFCA2E9FF7237EE.TMP
2012-11-10 22:33:34 114688 ----a-w- C:\~DFB3DA4A2DF2F4F36C.TMP
2012-11-10 21:13:42 114688 ----a-w- C:\~DF0D2299436CB3C121.TMP
2012-11-10 18:11:39 114688 ----a-w- C:\~DFF674CC3EC66EC934.TMP
2012-11-10 17:56:37 114688 ----a-w- C:\~DFACE7BD745A086131.TMP
2012-11-10 10:12:10 114688 ----a-w- C:\~DFC63D7D41F4988809.TMP
2012-11-10 01:43:14 114688 ----a-w- C:\~DF99F31610752FDE0E.TMP
2012-11-10 01:28:12 114688 ----a-w- C:\~DF7D5C36DD195FF2D2.TMP
2012-11-10 00:37:23 114688 ----a-w- C:\~DF3AC360094F54C448.TMP
2012-11-10 00:20:11 114688 ----a-w- C:\~DF97ED7BFCF5D9E977.TMP
2012-11-09 23:36:48 114688 ----a-w- C:\~DF6EA02C3E9FF78AAD.TMP
2012-11-09 23:15:01 114688 ----a-w- C:\~DF270703793FCF8F53.TMP
2012-11-09 18:28:47 114688 ----a-w- C:\~DF8DE609C0709E5191.TMP
2012-11-09 15:17:55 114688 ----a-w- C:\~DF16736B912B4C9907.TMP
2012-11-09 14:57:03 6223 ----a-w- C:\D71C1d01
2012-11-09 08:58:55 114688 ----a-w- C:\~DF3A850C425AD12E5B.TMP
2012-11-09 06:01:14 275418 ----a-w- C:\TRUSTEDINSTALLER.EXE-3CC531E5.pf
2012-11-09 04:07:06 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-11-09 01:00:08 114688 ----a-w- C:\~DFF5010467751EA981.TMP
2012-11-08 23:59:52 5584811 ----a-w- C:\WERF071.tmp.hdmp
2012-11-08 22:44:03 114688 ----a-w- C:\~DFA4AD0AFB9F81141A.TMP
2012-11-08 21:51:03 114688 ----a-w- C:\~DF74FA0F23A9F974D6.TMP
2012-11-08 20:40:33 114688 ----a-w- C:\~DF0390D85E260D071B.TMP
2012-11-08 19:07:39 97442 ----a-w- C:\MCINFO.EXE-73BBFA2D.pf
2012-11-08 17:03:18 114688 ----a-w- C:\~DF071E31D49F761A15.TMP
2012-11-08 16:13:02 114688 ----a-w- C:\~DF828E8DA25833B959.TMP
2012-11-08 03:09:52 196440 ----a-w- C:\Windows\System32\drivers\SET7DAE.tmp
2012-11-08 02:08:46 114688 ----a-w- C:\~DF16597E058F1FA8CB.TMP
2012-11-08 01:01:49 114688 ----a-w- C:\~DF12DEBDBAD1175697.TMP
2012-11-07 22:31:20 114688 ----a-w- C:\~DF9CB6144E47386241.TMP
2012-11-07 21:50:17 114688 ----a-w- C:\~DFE60EA20ED48791F3.TMP
2012-11-07 20:55:06 114688 ----a-w- C:\~DF0E896531D93394C9.TMP
2012-11-07 18:37:46 114688 ----a-w- C:\~DF081D0167290E305E.TMP
2012-11-06 22:36:59 -------- d-----w- C:\Users\main\AppData\Local\fontconfig
2012-11-06 22:36:58 -------- d-----w- C:\Users\main\AppData\Local\gegl-0.2
2012-11-06 22:36:58 -------- d-----w- C:\Users\main\.gimp-2.8
2012-11-06 22:30:28 -------- d-----w- C:\Program Files\GIMP 2
2012-11-03 23:12:53 -------- d-----w- C:\Program Files (x86)\W3i, LLC
2012-10-31 18:35:23 4 ----a-w- C:\FAPAD57.tmp
2012-10-31 18:26:39 4 ----a-w- C:\FAPAE5E.tmp
2012-10-27 19:10:52 33944 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-10-27 19:10:52 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-10-27 19:10:52 17248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-10-27 19:10:52 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-10-27 19:10:52 15872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npjoystick.dll
2012-10-27 02:43:19 -------- d-----w- C:\Program Files\CCleaner
2012-10-25 20:28:15 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
.
==================== Find3M ====================
.
2012-11-17 21:37:11 1065 ----a-w- C:\Mozilla Firefox.lnk~RF3aed4.TMP
2012-11-17 21:37:11 1053 ----a-w- C:\Mozilla Firefox.lnk~RF3aee4.TMP
2012-11-17 20:56:41 105692 ----a-w- C:\Uninstall.exe.moz-delete
2012-11-17 20:56:22 18237976 ----a-w- C:\Firefox Setup 16.0.2.exe
2012-10-27 19:10:53 115168 ----a-w- C:\maintenanceservice.exe_1.moz-delete
2012-10-24 17:50:41 155104 ----a-w- C:\softokn3_1.dll
2012-10-24 17:50:38 115168 ----a-w- C:\maintenanceservice.exe.moz-delete
2012-10-11 21:32:10 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 21:32:10 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-11 03:15:03 1656 ----a-w- C:\Windows\System32\ASOROSet.bin
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 06:08:17 84952 ----a-w- C:\Windows\System32\drivers\9d5a3c1.sys
2012-09-05 14:25:38 19384 ----a-w- C:\Windows\System32\roboot64.exe
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 21:15:07.09 ===============


ATTACH
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Drag and Drop Transcoding
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Art Effects for PDR10
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
BleachBit
Blender
Cardiris Pro 5
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CyberLink PowerDirector 10
CyberLink WaveEditor
Data Lifeguard Diagnostic for Windows 1.24
Electronics Assistant V4.2
FileZilla Client 3.5.3
GIMP 2.8.2
Google Earth
Google Update Helper
GQ USB Programmer
Hewlett-Packard ACLM.NET v1.1.0.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Product Detection
HP Update
HPDiagnosticAlert
HydraVision
I.R.I.S. OCR
ImgBurn
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java(TM) 6 Update 31
JMicron JMB36X Driver
Joystick Plug-in
Living Marine Aquarium 2
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Combat Flight Simulator 3.1
Microsoft Office Outlook 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multisim 8
OpenOffice.org 3.4.1
PeerBlock 1.0.0 (r181)
PL-2303 USB-to-Serial
PowerDirector
QuickTime
Readiris Pro 12
Realtek Ethernet Controller Driver
Recuva
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Video Capture USB Driver
SeaMonkey (2.7.2)
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shared C Run-time for x64
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
Spybot - Search & Destroy
The Print Shop 23
The Print Shop 3.0 Fonts
The Print Shop 3.0 Professional
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wwiiper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2011 wwiiper
TurboTax 2011 wwviper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Vizimag 3.193
WinPcap 4.1.2
WinRAR 4.11 (32-bit)
WinZip 16.0
WinZip System Utilities Suite
Wireshark 1.8.2 (64-bit)
WMV9/VC-1 Video Playback
.
==== End Of File ===========================

Thank you in advance for your help.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

You need to give me some info about your computer issues.

You're not running any AV program.
Why?
That's step 1 of our preliminaries.
 
My problem seems to be with Internet browsers. They don't load pages correctly. In Firefox, Google results start a page length down, and in IE this site, for example, has trouble loading the human detector where it asks you a question. I uninstalled McAfee, but I do own a full copy for another year or two.
 
Why did you uninstall McAfee?
Reinstall it before we go any further.

Next...

Create a new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 