Unknown Malware/Spyware Attack


6 replies to this topic

#1 dark yux


Posted 03 March 2011 - 04:48 PM

Attached File: Attach.txt (16.04KB)

Last week I tried to create a Regular user account and turn on the Guest account for security reasons. I noticed problems when I tried to use the accounts. The issues arose when I tried to delete a shortcut on the Desktop in the accounts. The UAC requested a password. I typed it in and the File transfer dialog started and then froze. I tried to kill it with Task Manager and it worked. Task Manager appeared to work fine until I went to the "Process" pane and clicked "Show processes from all users." It was admin only, so I put in my password and the Task Manager pane completely froze and would not respond. I could, however, kill it in the task bar system tray.

I went to the "Control Panel" and clicked on "Add or remove user accounts" (though this will happen when any admin-only option is selected). This window became unresponsive as well, and I restarted Task Manager and tried to kill the Control Panel process. I got the "This program is unresponsive" dialog and clicked yes to force kill the process. The computer then asked to restart Windows Explorer (not IE, it wasn't open). I clicked yes and the unresponsive windows cleared. I then tried to call a Windows Explorer window from the taskbar and got this error message: "The remote procedure call failed and did not execute." I tried repeatedly and got the same message and "unknown errors". I then just logged out and deleted the accounts.

In the administrator account my User folder, Notepad2's folder, and the HijackThis logfile were all locked. I rescanned and saved the HijackThis logfile to the Desktop under a different name to get the report below. Other than that, administrator works just fine. I used, on full scan: avast!, Microsoft Security Essentials, Malwarebytes' Anti-Malware, Spybot Search&Destroy, and SUPERAntiSpyware. They did not find anything, except some bad cookies (SUPERAntiSpyware).

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:55:19 PM, on 3/3/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DDNI\Lenovo Smile Dock\CenterStage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://encrypted.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast] "C:\Program Files (x86)\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Christopher L Ramsey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: iReboot 1.1.0.lnk = C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
O4 - Global Startup: Lenovo Smile Dock.lnk = C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: iReboot Background Service (iReboot) - Unknown owner - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11487 bytes

DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by Christopher L Ramsey at 14:03:02.03 on Thu 03/03/2011
Internet Explorer: 9.0.8080.16413
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.1911.535 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\DDNI\Lenovo Smile Dock\CenterStage.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Christopher L Ramsey\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://encrypted.google.com/
mStart Page = hxxp://lenovo.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Google Update] "C:\Users\Christopher L Ramsey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files (x86)\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IREBOO~1.LNK - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files (x86)\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-2 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-2 280408]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-2 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-2 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files (x86)\AVAST Software\Avast\AvastSvc.exe [2011-3-2 42184]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-9 13336]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-9 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2010-12-9 28176]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-11 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-12-9 167816]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-9 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-12-9 271872]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 vm332avs;Lenovo Camera2;C:\Windows\System32\drivers\vm332avs.sys [2010-12-9 229456]
R3 wdmirror;wdmirror;C:\Windows\System32\drivers\WDMirror.sys [2011-3-2 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-3 1153368]
S3 Bridge0;Bridge0;C:\Windows\System32\drivers\WDBridge.sys [2011-3-2 79376]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-15 38152]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe [2011-3-2 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe [2011-3-2 575304]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-2-27 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-2-27 13280]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-9 242720]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-03-03 18:49:40 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{207C2A05-F39C-48EB-A755-C02ADAC06E4D}
2011-03-03 18:09:26 388096 ----a-r- C:\Users\CHRIST~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-03 18:09:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-03 17:53:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-03 17:53:57 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-03 00:41:26 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Malwarebytes
2011-03-03 00:41:19 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-03 00:41:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-03 00:41:13 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-03-03 00:41:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-03 00:38:03 505176 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-03-03 00:38:02 64344 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-03-03 00:37:19 40648 ----a-w- C:\windows\avastSS.scr
2011-03-03 00:37:11 -------- d-----w- C:\Program Files (x86)\AVAST Software
2011-03-03 00:34:25 -------- d-----w- C:\Program Files\AVAST Software
2011-03-03 00:34:25 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-03-03 00:25:10 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-03-03 00:25:09 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\SUPERAntiSpyware.com
2011-03-03 00:25:03 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-03-03 00:24:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-03-02 23:19:45 79376 ----a-w- C:\windows\System32\drivers\WDBridge.sys
2011-03-02 23:19:44 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Lenovo
2011-03-02 23:19:43 11280 ----a-w- C:\windows\System32\drivers\WDMirror.sys
2011-03-02 23:19:42 22344 ----a-w- C:\windows\System32\WDMirror.dll
2011-03-02 23:19:28 16648 ------r- C:\windows\SysWow64\LogAPI.dll
2011-03-02 20:28:43 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{951EC89A-E0EF-4878-BFFF-A8E8816FDCFC}\mpengine.dll
2011-03-02 20:19:50 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{DF478263-269F-4AA6-83F6-A56F9653CB77}
2011-03-02 05:14:31 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Apple Computer
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-02 05:09:45 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-02 05:07:41 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Apple
2011-03-02 04:05:43 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{DBC95FD8-8122-4D83-9A09-92EABF27F98F}
2011-03-01 15:56:51 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{61C9CF9A-5C80-48A2-A2DE-EF5129DA7BC2}
2011-03-01 14:20:06 -------- dc-h--w- C:\PROGRA~3\{DC88B4E9-0A30-46AE-A4D5-38E7C0D304E4}
2011-02-28 21:17:18 -------- d-----w- C:\Program Files (x86)\ieSpell
2011-02-28 21:12:57 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Diagnostics
2011-02-28 20:57:02 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\GrabPro
2011-02-28 19:53:13 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{96B0EC24-82CF-478F-88DF-E2DB5568D3E2}
2011-02-28 16:49:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{FA754A7B-7998-4587-9E30-523F29E312DD}
2011-02-28 16:35:15 -------- d--h--w- C:\Users\Christopher L Ramsey\.gimp-2.6
2011-02-28 16:34:46 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2011-02-28 15:22:25 -------- d-----w- C:\Program Files (x86)\Notepad2
2011-02-28 15:17:11 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\inkscape
2011-02-28 15:12:40 -------- d-----w- C:\Program Files (x86)\Inkscape
2011-02-28 14:52:13 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Apps
2011-02-27 22:53:28 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-27 21:43:55 801352 ----a-w- C:\windows\System32\pwNative.exe
2011-02-27 21:43:55 19936 ------w- C:\windows\System32\pwdrvio.sys
2011-02-27 21:43:53 13280 ------w- C:\windows\System32\pwdspio.sys
2011-02-27 13:44:06 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\NeoSmart_Technologies
2011-02-27 13:41:15 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
2011-02-27 04:20:38 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\LibreOffice
2011-02-26 22:29:31 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{21B33923-97BB-438B-AF82-B143CB8C3531}\gapaengine.dll
2011-02-26 19:52:49 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-02-26 19:52:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-02-26 19:52:22 374664 ----a-w- C:\windows\System32\drivers\netio.sys
2011-02-26 19:29:45 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{711D0EF9-CD6E-4138-8881-71C2403D9FEC}
2011-02-26 19:27:17 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\{50C049E2-37D7-426C-8153-EEB3F4AE5CA0}
2011-02-26 19:25:41 -------- d-----w- C:\windows\en
2011-02-26 19:05:35 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2011-02-26 19:05:03 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{AD80AB77-6B21-4417-A7EC-4A8F4E84B1C0}\mpengine.dll
2011-02-26 19:05:02 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-02-26 19:02:53 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-02-26 19:02:53 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-02-26 19:02:52 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-02-26 19:02:52 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-02-26 19:02:26 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2011-02-26 19:02:26 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2011-02-26 19:02:18 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b09108a91cbd5e703\MeshBetaRemover.exe
2011-02-26 18:14:30 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-02-26 18:08:14 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2011-02-26 16:19:22 -------- d-----w- C:\Program Files (x86)\LibreOffice 3
2011-02-26 16:07:00 -------- d-----r- C:\Program Files (x86)\Skype
2011-02-26 16:00:11 -------- d-----w- C:\Program Files (x86)\gnucash
2011-02-26 15:04:34 -------- d-----w- C:\windows\SysWow64\Wat
2011-02-26 15:04:34 -------- d-----w- C:\windows\System32\Wat
2011-02-26 14:50:36 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-02-26 14:50:36 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-02-26 14:44:56 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2011-02-26 14:44:56 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2011-02-26 14:44:56 444752 ----a-w- C:\windows\System32\mscoree.dll
2011-02-26 14:44:56 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2011-02-26 14:44:56 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2011-02-26 14:44:56 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2011-02-26 14:44:56 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-02-26 14:44:56 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2011-02-26 14:44:55 48960 ----a-w- C:\windows\System32\netfxperf.dll
2011-02-26 14:44:55 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-02-26 14:41:03 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2011-02-26 14:41:02 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2011-02-26 05:02:31 0 ----a-w- C:\windows\SysWow64\sho513.tmp
2011-02-26 05:00:44 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Windows Live
2011-02-26 05:00:25 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Windows Live Writer
2011-02-26 05:00:25 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Windows Live Writer
2011-02-26 00:17:56 2003968 ----a-w- C:\windows\System32\msxml6.dll
2011-02-26 00:16:47 112000 ----a-w- C:\windows\System32\consent.exe
2011-02-26 00:15:35 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2011-02-26 00:15:35 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2011-02-26 00:15:34 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-02-26 00:15:33 395776 ----a-w- C:\windows\System32\webio.dll
2011-02-26 00:15:33 314368 ----a-w- C:\windows\SysWow64\webio.dll
2011-02-26 00:15:27 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-02-26 00:15:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-02-25 22:44:45 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\CyberLink
2011-02-25 17:18:13 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2011-02-25 15:07:14 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\SoftGrid Client
2011-02-25 15:07:12 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\SoftGrid Client
2011-02-25 15:06:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-02-25 15:06:00 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\TP
2011-02-25 13:19:43 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\ooVoo Details
2011-02-25 13:16:03 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Google
2011-02-25 07:13:57 -------- d-----w- C:\Program Files (x86)\Mozilla Sunbird
2011-02-16 19:26:00 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-02-16 19:01:28 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Adobe
2011-02-16 18:54:12 -------- d-----w- C:\Users\CHRIST~1\AppData\Local\Mozilla
2011-02-16 18:54:06 -------- d-----w- C:\Program Files (x86)\SeaMonkey
2011-02-16 17:23:37 -------- d-----w- C:\Users\CHRIST~1\AppData\Roaming\Intel Corporation
2011-02-16 17:20:30 -------- d-sh--w- C:\Recovery

==================== Find3M  ====================

2011-02-26 18:14:30 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-26 18:14:30 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-26 18:14:30 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-02-26 18:14:30 229888 ----a-w- C:\windows\System32\XpsRasterService.dll
2011-02-26 18:14:30 1863680 ----a-w- C:\windows\System32\ExplorerFrame.dll
2011-02-26 18:14:30 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
2011-02-26 18:14:30 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-26 18:14:30 1495040 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2011-02-26 18:14:30 144384 ----a-w- C:\windows\System32\cdd.dll
2011-02-26 18:14:30 135168 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2011-02-26 18:14:30 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2011-02-26 18:14:30 1133568 ----a-w- C:\windows\System32\FntCache.dll
2011-02-26 18:14:30 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-01-17 06:17:00 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-01-17 05:38:38 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-01-12 03:33:14 31088 ----a-w- C:\windows\System32\drivers\clwvd.sys
2011-01-07 08:07:24 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-01-07 08:06:50 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-01-07 07:31:10 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-12-18 06:11:34 714752 ----a-w- C:\windows\System32\kerberos.dll
2010-12-18 05:29:31 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2010-12-09 19:00:19 512 ----a-w- C:\windows\current.bin
2010-12-09 18:59:01 512 ----a-w- C:\windows\previous.bin
2010-12-09 18:46:05 2219520 ----a-w- C:\windows\System32\Apblend64.dll
2010-12-09 18:46:05 2110816 ----a-w- C:\windows\SysWow64\Apblend.dll
2010-12-09 18:46:05 1767936 ----a-w- C:\windows\System32\imagereog.dll
2010-12-09 18:46:05 1398112 ----a-w- C:\windows\SysWow64\Imagereog.dll
2010-12-09 18:46:05 1171456 ----a-w- C:\windows\SysWow64\PicNotify.dll
2010-12-09 18:46:05 11104 ----a-w- C:\windows\SysWow64\biologon.dll
2010-12-09 18:46:05 1025376 ----a-w- C:\windows\SysWow64\CamOpEx.dll
2010-12-09 18:46:02 778240 ----a-w- C:\windows\System32\EncIcons.dll
2010-12-09 18:46:02 622592 ----a-w- C:\windows\System32\SimpleExt.dll
2010-12-09 18:46:02 1502720 ----a-w- C:\windows\System32\IcnOvrly.dll
2010-12-09 18:45:57 876032 ----a-w- C:\windows\SysWow64\DevIL.dll
2010-12-09 18:45:57 77824 ----a-w- C:\windows\SysWow64\ILU.dll
2010-12-09 18:45:57 3727720 ----a-w- C:\windows\SysWow64\d3dx9_35.dll
2010-12-09 18:45:57 32768 ----a-w- C:\windows\SysWow64\ILUT.dll
2010-12-09 18:45:57 1044480 ----a-w- C:\windows\SysWow64\3DImageRenderer.dll
2010-12-09 09:54:15 52224 ----a-w- C:\windows\System32\rtutils.dll
2010-12-09 09:54:15 37376 ----a-w- C:\windows\SysWow64\rtutils.dll
2010-12-09 09:54:07 82944 ----a-w- C:\windows\SysWow64\iccvid.dll
2010-12-09 09:52:59 410504 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2010-12-09 09:52:59 27016 ----a-w- C:\windows\System32\drivers\amdxata.sys
2010-12-09 09:52:59 2566144 ----a-w- C:\windows\System32\esent.dll
2010-12-09 09:52:59 187264 ----a-w- C:\windows\System32\drivers\storport.sys
2010-12-09 09:52:59 1686016 ----a-w- C:\windows\SysWow64\esent.dll
2010-12-09 09:52:59 166280 ----a-w- C:\windows\System32\drivers\nvstor.sys
2010-12-09 09:52:59 1657216 ----a-w- C:\windows\System32\drivers\ntfs.sys
2010-12-09 09:52:59 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2010-12-09 09:52:59 107912 ----a-w- C:\windows\System32\drivers\amdsata.sys
2010-12-09 09:51:43 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2010-12-09 09:51:43 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2010-12-09 09:51:43 153160 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2010-12-09 09:51:43 1446912 ----a-w- C:\windows\System32\lsasrv.dll
2010-12-09 09:51:23 286720 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2010-12-09 09:51:23 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2010-12-09 09:51:23 125952 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2010-12-09 09:50:17 84992 ----a-w- C:\windows\System32\asycfilt.dll
2010-12-09 09:50:17 67584 ----a-w- C:\windows\SysWow64\asycfilt.dll
2010-12-09 09:50:09 139264 ----a-w- C:\windows\System32\cabview.dll
2010-12-09 09:50:09 132608 ----a-w- C:\windows\SysWow64\cabview.dll
2010-12-09 09:48:31 613888 ----a-w- C:\windows\System32\psisdecd.dll
2010-12-09 09:48:31 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2010-12-09 09:48:19 389632 ----a-w- C:\windows\System32\winlogon.exe
2010-12-09 09:48:19 2870272 ----a-w- C:\windows\explorer.exe
2010-12-09 09:48:19 2614272 ----a-w- C:\windows\SysWow64\explorer.exe
2010-12-09 09:46:51 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2010-12-09 09:46:51 100864 ----a-w- C:\windows\System32\fontsub.dll
2010-12-09 09:45:22 311808 ----a-w- C:\windows\System32\msv1_0.dll
2010-12-09 09:45:22 257024 ----a-w- C:\windows\SysWow64\msv1_0.dll
2010-12-09 09:45:14 46592 ----a-w- C:\windows\System32\msasn1.dll
2010-12-09 09:45:14 34816 ----a-w- C:\windows\SysWow64\msasn1.dll
2010-12-09 09:44:46 1975296 ----a-w- C:\windows\System32\CertEnroll.dll
2010-12-09 09:44:46 1320960 ----a-w- C:\windows\SysWow64\CertEnroll.dll

============= FINISH: 14:04:15.64 ===============



#2 dark yux

dark yux
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male

Posted 05 March 2011 - 04:06 PM

Please help!!!!!!!!!!!!!!!!!!!!!!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this, and do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 05 March 2011 - 06:55 PM.


#3 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 11 March 2011 - 09:47 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Bleeping Computer. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Account Control (UAC). When prompted by this while carrying out anything I ask you to do, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Multiple Anti-Virus Advice:

You appear to have both avast! Free Antivirus and Microsoft Security Essentials installed and active in system memory. Even if one is kept as an on-demand scanner only, the overall situation is far from ideal: a system conflict will occur, and overall online protection is actually lessened. I advise you to decide which you would prefer to keep and uninstall only one of the aforementioned.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimised
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#4 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 15 March 2011 - 10:06 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

#5 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 17 March 2011 - 10:51 AM

This topic has been re-opened at the request of the person who originally posted.

--------------

Per your PM I am actually prepared to assist you even though you state this regards a different machine.

I need to know a few things first however...

1. What Operating System is in use?

2. Is the machine in question used for business related activities or home use only?

3. Is the actual machine your property?

4. Are you using a Router at all?

Please answer the above when ready and we will go from there, thank you.

Edited by Dakeyras, 17 March 2011 - 10:56 AM.
Added questions.


#6 dark yux

dark yux
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male

Posted 17 March 2011 - 04:00 PM

This topic has been re-opened at the request of the person who originally posted.

--------------

Per your PM I am actually prepared to assist you even though you state this regards a different machine.

I need to know a few things first however...

1. What Operating System is in use?

2. Is the machine in question used for business related activities or home use only?

3. Is the actual machine your property?

4. Are you using a Router at all?

Please answer the above when ready and we will go from there, thank you.


1.) I'm using Windows 7 Home Premium 64-bit on a Lenovo G650.

2.) The machine at the moment is for home use.

3.) Yes this is my computer.

4.) I am using an unsecured wireless internet connection Windows detected from my house. The name of the network is "linksys-g" so it's somebody's router (according to Google linksys is a router brand).

#7 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 17 March 2011 - 05:13 PM

I am using an unsecured wireless internet connection Windows detected from my house. The name of the network is "linksys-g" so it's somebody's router (according to Google linksys is a router brand).

By your own admission you are hijacking another person's Internet connection. Apart from being highly unethical, it is also illegal in my humble opinion, and shame on you. I pay for my ISP and so should you.

As it stands I am withdrawing my assistance, if you wish to contest my decision feel free to contact a Forum Admin.

This Topic is now closed.
