
Virus/Trojan has disabled my Windows Installer service, sound, WiFi and much more.


  • This topic is locked
4 replies to this topic

#1 Viljar

  • Members

Posted 30 March 2011 - 08:24 AM

Hello,

The day before yesterday I ran into a problem which is rather peculiar. I was doing my own business on the laptop and decided to start watching TV Series "The Sons of Anarchy". Great show! I think I had watched around 5 minutes then suddenly the laptop made a strange noise and I could not hear any sound anymore. I thought that the laptop was just tired and needed some rest, no biggies. The next day when I powered on the computer the problem remained. Now I saw that my WiFi icon next to the clock was disabled, although I can still use the Internet; the icon is just in disabled mode. I cannot access program properties, Windows updates, open pictures (class not registered) and probably there is other stuff too. I've tried installing and scanning with various AV programs, but all of them have failed. Maybe you guys can help me.

This is my HiJackThis log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:20, on 30.03.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\John S. Wallace\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: (no name) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" (User '?')
O4 - HKUS\S-1-5-21-871688123-1330305446-1716116605-1001\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (User '?')
O4 - S-1-5-21-871688123-1330305446-1716116605-1001 Startup: setup_9.0.0.722_28.03.2011_04-16.lnk = John S. Wallace\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2011_04-16\startup.exe (User '?')
O4 - Startup: setup_9.0.0.722_28.03.2011_04-16.lnk = John S. Wallace\Desktop\Virus Removal Tool\setup_9.0.0.722_28.03.2011_04-16\startup.exe
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Kind Regards,
Viljar Lumi

//EDIT
I restarted my laptop to scan it in safe mode. Now I'm back in normal mode and in the meantime something else has happened. I cannot open Microsoft Words or other programs anymore. I haven't closed my browser, that's why I can still use it. Please help me.

EDIT: Please be patient. There are over 240 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~BP

Edited by Budapest, 01 April 2011 - 04:36 PM.
Moved from AII ~BP




#2 Blind Faith

  • Malware Response Team

Posted 05 April 2011 - 10:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle

If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Viljar

  • Topic Starter
  • Members

Posted 08 April 2011 - 02:48 PM

Hello and thank you for your reply. I haven't been able to access my laptop for the past week, that's why my answer to you is late. I have been working also with the guys from daniweb.com but I think that two heads are two heads.

So, onto your instructions. I managed to download DDS.scr but when downloading DDS.pif I got this error:
Opera
Error when initalizing the file dialog: 0xFFFF
Internal program error.

This is what happens when I use the Opera browser. When I use Firefox I get nothing, the browser does not allow me to download/save the file, it just does not do anything. It directly opens the file and shows weird characters.

So when I disconnect from the Internet and run DDS.scr I get a log file opened in Notepad and also an error with that:
Windows Script Host
Can't find script engine "VBSCRIPT" for script "C:\Users\John S. Wallace\AppData\Local\Temp\MSGB.PIF".

When I press "OK" it simply disappears, but luckily the log file stays open:

DDS.SCR Log File:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by John S. Wallace at 22:36:21,22 on R 08.04.2011
Internet Explorer: 8.0.7600.16385
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\John S. Wallace\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOHNS~1.WAL\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - mipony-plugin Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\John S. Wallace\AppData\Roaming\Mozilla\Firefox\Profiles\w6mq34oo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John S. Wallace\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\John S. Wallace\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-04-02 21:20:42	--------	d-sh--w-	C:\$RECYCLE.BIN
2011-04-01 10:35:09	98816	----a-w-	C:\Windows\sed.exe
2011-04-01 10:35:09	89088	----a-w-	C:\Windows\MBR.exe
2011-04-01 10:35:09	256512	----a-w-	C:\Windows\PEV.exe
2011-04-01 10:35:09	161792	----a-w-	C:\Windows\SWREG.exe
2011-03-30 17:31:06	38224	----a-w-	C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-30 17:31:05	--------	d-----w-	C:\PROGRA~3\Malwarebytes
2011-03-30 17:31:03	24664	----a-w-	C:\Windows\System32\drivers\mbam.sys
2011-03-30 17:31:02	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-30 10:21:55	--------	d-----w-	C:\PROGRA~3\MFAData
2011-03-29 14:03:54	--------	d-----w-	C:\PROGRA~3\Kaspersky Lab
2011-03-29 14:02:39	40464	----a-w-	C:\Windows\System32\drivers\71125392.sys
2011-03-29 14:02:39	352784	----a-w-	C:\Windows\System32\drivers\7112539.sys
2011-03-29 14:02:39	157712	----a-w-	C:\Windows\System32\drivers\71125391.sys
2011-03-29 13:45:18	--------	d-----w-	C:\PROGRA~3\Kaspersky Lab Setup Files
2011-03-29 13:18:27	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\ElevatedDiagnostics
2011-03-29 12:49:48	74272	----a-w-	C:\Windows\System32\RtNicProp64.dll
2011-03-29 12:49:48	428136	----a-w-	C:\Windows\System32\drivers\Rt64win7.sys
2011-03-29 08:10:12	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{A4A3257E-A142-4431-97AC-11A642B25B83}
2011-03-28 20:10:49	--------	d-----w-	C:\PROGRA~3\Nexon
2011-03-28 19:42:13	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{871827A6-85BF-48F5-95A3-A3C44E7DFF5E}
2011-03-28 12:08:08	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Collectorz.com
2011-03-28 12:08:04	--------	d-----w-	C:\Program Files (x86)\Collectorz.com
2011-03-28 09:12:13	--------	d-----w-	C:\Program Files (x86)\BandiMPEG1
2011-03-28 09:02:16	--------	d-----w-	C:\PROGRA~3\NexonUS
2011-03-28 07:41:48	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{12368CA5-B578-4E76-A0CB-E8542E8112F0}
2011-03-28 07:24:49	--------	d-----w-	C:\Program Files (x86)\Pando Networks
2011-03-27 16:02:22	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Merit Aktiva
2011-03-27 16:01:27	--------	d-----w-	C:\Merit
2011-03-27 15:43:21	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\Peachtree
2011-03-27 15:41:30	2134016	----a-w-	C:\Windows\SysWow64\cdintf251.dll
2011-03-27 15:40:52	--------	d-----w-	C:\Windows\Crystal
2011-03-27 15:40:32	--------	d-----w-	C:\Program Files (x86)\Common Files\Peach
2011-03-27 15:39:17	--------	d-----w-	C:\Program Files (x86)\Business Objects
2011-03-27 15:37:17	--------	d-----w-	C:\Program Files (x86)\Pervasive Software
2011-03-27 15:36:52	--------	d-----w-	C:\Program Files (x86)\Sage Software
2011-03-27 15:31:16	655872	----a-w-	C:\Windows\SysWow64\msvcr90.dll
2011-03-27 15:31:16	568832	----a-w-	C:\Windows\SysWow64\msvcp90.dll
2011-03-27 15:31:16	1156600	----a-w-	C:\Windows\SysWow64\MFC90.dll
2011-03-27 15:31:16	1060864	----a-w-	C:\Windows\SysWow64\MFC71.dll
2011-03-27 15:30:32	--------	d-----w-	C:\Windows\PeachInst
2011-03-27 08:05:26	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{BA527FD0-D53F-40E6-91FA-DFBF657D955C}
2011-03-26 20:05:01	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{86B39EA0-FF30-4D16-A607-83C8F12D1118}
2011-03-26 08:04:37	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{0082E903-F520-4D70-B399-A97AF7EE9AF5}
2011-03-25 09:51:40	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{4E755C97-5856-4E72-83A0-09C61A263E28}
2011-03-25 09:51:01	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{72667CA4-9452-40E9-851F-D1CC50DEA3E6}
2011-03-25 07:59:34	8424784	----a-w-	C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{D320B60E-E6F9-4398-8C14-2E9CE618334A}\mpengine.dll
2011-03-25 07:57:10	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{85E3603D-F410-4589-8794-F71D7B64F3DE}
2011-03-24 08:46:50	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{5E13E403-C60D-40A7-929D-E9958DB0226D}
2011-03-23 20:15:59	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{C82A65FE-2BE6-4BD9-98DD-3CD82CF7D71F}
2011-03-23 08:15:36	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{30A791B6-6ED0-4EB6-A27F-5848C87D390D}
2011-03-22 08:32:26	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{960D21BD-BE2F-4C4A-A0B6-67468180D042}
2011-03-21 09:20:41	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{B3E0070F-CB54-4A12-811E-F8BAE68EB4E4}
2011-03-20 21:20:16	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{98BF37A0-A761-49A0-9FD1-2F176E2AF301}
2011-03-20 09:56:34	--------	d-----r-	C:\Program Files (x86)\Skype
2011-03-20 09:19:51	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{CC8D4F52-358C-419D-ABC8-BD6245EE1BEE}
2011-03-19 09:07:35	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{CCE86BF6-151D-4631-B7DB-5AD3F5F8C0C2}
2011-03-18 09:47:02	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{C72ACC80-C7CA-4D94-84A7-F076614A6777}
2011-03-17 21:23:20	--------	d-----w-	C:\Program Files (x86)\NVIDIA Corporation
2011-03-17 21:23:16	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-03-17 21:22:44	--------	d-----w-	C:\Windows\SysWow64\xlive
2011-03-17 21:22:44	--------	d-----w-	C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-03-17 14:55:18	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Ubisoft Game Launcher
2011-03-17 14:46:21	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\PunkBuster
2011-03-17 14:44:57	519000	----a-w-	C:\Windows\System32\d3dx10_40.dll
2011-03-17 14:44:57	452440	----a-w-	C:\Windows\SysWow64\d3dx10_40.dll
2011-03-17 14:44:57	2605920	----a-w-	C:\Windows\System32\D3DCompiler_40.dll
2011-03-17 14:44:57	2036576	----a-w-	C:\Windows\SysWow64\D3DCompiler_40.dll
2011-03-17 14:44:54	5631312	----a-w-	C:\Windows\System32\D3DX9_40.dll
2011-03-17 14:44:54	4379984	----a-w-	C:\Windows\SysWow64\D3DX9_40.dll
2011-03-17 10:44:34	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{0EE22538-00BF-4C44-AE3F-BC060447CB3D}
2011-03-17 05:41:43	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{56AD03C4-F2E8-4279-A651-00DE95C1D40E}
2011-03-16 20:05:04	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\PunkBuster
2011-03-16 19:39:26	266293	----a-w-	C:\Windows\SysWow64\temp.000
2011-03-16 08:27:04	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{970EE0BE-2F14-48D2-BCF4-D63DE1053197}
2011-03-15 14:21:10	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{1623F24E-C980-4AE2-B1DB-5011766C161D}
2011-03-14 21:08:19	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2011-03-14 11:50:45	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Apple Computer
2011-03-14 11:48:54	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Apple
2011-03-14 11:33:19	--------	d-----w-	C:\Program Files (x86)\Common Files\Macrovision Shared
2011-03-14 07:59:30	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{C0D09933-11E3-4E9C-ADDE-3D045DDDE821}
2011-03-13 19:21:52	--------	d-----w-	C:\PROGRA~3\regid.1986-12.com.adobe
2011-03-13 19:02:29	--------	d-----w-	C:\Windows\System32\SPReview
2011-03-13 19:01:53	--------	d-----w-	C:\Windows\System32\EventProviders
2011-03-13 14:13:41	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Serif
2011-03-13 14:13:40	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\Serif
2011-03-13 12:34:40	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\Unity
2011-03-13 12:33:53	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\PACE Anti-Piracy
2011-03-13 12:33:53	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\PACE Anti-Piracy
2011-03-13 12:33:53	--------	d-----w-	C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2011-03-13 12:33:53	--------	d-----w-	C:\PROGRA~3\PACE Anti-Piracy
2011-03-13 12:25:22	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Unity
2011-03-13 12:19:46	--------	d-----w-	C:\Program Files (x86)\Unity
2011-03-13 11:24:17	--------	d-----w-	C:\Program Files (x86)\Fraps
2011-03-13 11:15:48	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\Sony
2011-03-13 11:08:17	--------	d-----w-	C:\Program Files\Sony
2011-03-13 11:08:17	--------	d-----w-	C:\Program Files (x86)\Sony
2011-03-13 09:54:56	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{69B3A67C-A939-42DF-BE75-0A115D58659E}
2011-03-12 11:49:03	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{F9B30348-0FCB-4096-807A-101616C8E0AE}
2011-03-12 11:30:23	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{CFD6FFE2-7518-4AB9-B937-AF68AF6BDC68}
2011-03-11 17:51:21	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\PCSX2
2011-03-11 17:50:43	--------	d-----w-	C:\Program Files (x86)\PCSX2 0.9.7
2011-03-11 12:42:22	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\Mipony
2011-03-11 12:42:06	--------	d-----w-	C:\Program Files (x86)\MiPony
2011-03-11 12:19:18	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Roaming\DMCache
2011-03-11 11:06:38	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{03CDF9CC-D972-47D5-A5CF-76B36D4494D6}
2011-03-10 21:50:00	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{82FF04DB-ECBA-4F09-87BD-2EDF2E976EBD}
2011-03-10 08:55:36	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{0A615E22-CC61-43A5-ADFB-31D8DD29FED7}
2011-03-10 08:55:36	--------	d-----w-	C:\Users\JOHNS~1.WAL\AppData\Local\{04B6E114-8A1C-4943-9947-7DD151FCAFB1}
.
==================== Find3M  ====================
.
2011-03-26 08:22:56	419840	----a-w-	C:\Windows\System32\systemcpl.dll
2011-03-26 08:22:56	14848	----a-w-	C:\Windows\System32\slwga.dll
2011-03-26 08:22:56	13824	----a-w-	C:\Windows\SysWow64\slwga.dll
2011-03-14 07:41:19	175104	----a-w-	C:\Windows\System32\msclmd.dll
2011-03-14 07:41:19	152064	----a-w-	C:\Windows\SysWow64\msclmd.dll
2011-03-06 21:21:24	0	----a-w-	C:\Windows\ativpsrm.bin
2011-02-19 06:37:44	1135104	----a-w-	C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10	1540608	----a-w-	C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49	902656	----a-w-	C:\Windows\System32\d2d1.dll
2011-02-19 05:32:48	1074176	----a-w-	C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2011-02-16 14:11:08	107552	----a-w-	C:\Windows\System32\RTNUninst64.dll
2011-02-10 13:00:20	86016	----a-w-	C:\Windows\SysWow64\frapsvid.dll
2011-02-10 13:00:18	84992	----a-w-	C:\Windows\System32\frapsv64.dll
2011-02-09 12:26:50	26712	----a-w-	C:\Windows\System32\drivers\johci.sys
2011-02-02 16:11:20	270720	------w-	C:\Windows\System32\MpSigStub.exe
2011-01-31 14:04:40	174168	----a-w-	C:\Windows\System32\drivers\jmcr.sys
2011-01-26 23:37:20	9085952	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2011-01-26 23:22:18	22295040	----a-w-	C:\Windows\System32\atio6axx.dll
2011-01-26 23:00:44	143360	----a-w-	C:\Windows\System32\atiapfxx.exe
2011-01-26 23:00:30	596480	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2011-01-26 22:59:46	17204736	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2011-01-26 22:59:10	708608	----a-w-	C:\Windows\System32\aticfx64.dll
2011-01-26 22:56:30	462848	----a-w-	C:\Windows\System32\ATIDEMGX.dll
2011-01-26 22:56:14	479232	----a-w-	C:\Windows\System32\atieclxx.exe
2011-01-26 22:55:36	203776	----a-w-	C:\Windows\System32\atiesrxx.exe
2011-01-26 22:54:20	120320	----a-w-	C:\Windows\System32\atitmm64.dll
2011-01-26 22:54:00	423424	----a-w-	C:\Windows\System32\atipdl64.dll
2011-01-26 22:53:54	356352	----a-w-	C:\Windows\SysWow64\atipdlxx.dll
2011-01-26 22:53:42	278528	----a-w-	C:\Windows\SysWow64\Oemdspif.dll
2011-01-26 22:53:36	16384	----a-w-	C:\Windows\System32\atimuixx.dll
2011-01-26 22:53:32	59392	----a-w-	C:\Windows\System32\atiedu64.dll
2011-01-26 22:53:26	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2011-01-26 22:49:44	4105728	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2011-01-26 22:40:02	4847616	----a-w-	C:\Windows\System32\atidxx64.dll
2011-01-26 22:32:46	1208320	----a-w-	C:\Windows\System32\atiumd6v.dll
2011-01-26 22:32:12	1912832	----a-w-	C:\Windows\SysWow64\atiumdmv.dll
2011-01-26 22:32:00	3222016	----a-w-	C:\Windows\System32\atiumd6a.dll
2011-01-26 22:28:52	4170752	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2011-01-26 22:27:52	51200	----a-w-	C:\Windows\System32\aticalrt64.dll
2011-01-26 22:27:50	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2011-01-26 22:27:42	44544	----a-w-	C:\Windows\System32\aticalcl64.dll
2011-01-26 22:27:40	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2011-01-26 22:27:30	6982144	----a-w-	C:\Windows\System32\aticaldd64.dll
2011-01-26 22:25:50	5580800	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2011-01-26 22:24:18	3463680	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2011-01-26 22:21:58	5316096	----a-w-	C:\Windows\System32\atiumd64.dll
2011-01-26 22:20:46	58880	----a-w-	C:\Windows\System32\coinst.dll
2011-01-26 22:14:14	354304	----a-w-	C:\Windows\System32\atiadlxx.dll
2011-01-26 22:14:08	249856	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2011-01-26 22:13:56	14848	----a-w-	C:\Windows\System32\atig6pxx.dll
2011-01-26 22:13:52	12800	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2011-01-26 22:13:52	12800	----a-w-	C:\Windows\System32\atiglpxx.dll
2011-01-26 22:13:50	39936	----a-w-	C:\Windows\System32\atig6txx.dll
2011-01-26 22:13:42	32768	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2011-01-26 22:13:32	299520	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2011-01-26 22:12:46	39936	----a-w-	C:\Windows\System32\atiuxp64.dll
2011-01-26 22:12:40	30720	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2011-01-26 22:12:32	38400	----a-w-	C:\Windows\System32\atiu9p64.dll
2011-01-26 22:12:24	28672	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2011-01-26 22:11:46	53248	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2011-01-26 22:08:46	53760	----a-w-	C:\Windows\System32\atimpc64.dll
2011-01-26 22:08:46	53760	----a-w-	C:\Windows\System32\amdpcom64.dll
2011-01-26 22:08:40	52736	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2011-01-26 22:08:40	52736	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2011-01-26 06:53:10	982912	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10	265088	----a-w-	C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20	144384	----a-w-	C:\Windows\System32\cdd.dll
2010-11-18 19:27:34	162816	----a-w-	C:\Program Files (x86)\7z.sfx
2010-11-18 19:27:34	152064	----a-w-	C:\Program Files (x86)\7zCon.sfx
2010-11-18 19:24:20	1422336	----a-w-	C:\Program Files (x86)\7z.dll
2010-11-18 19:11:38	387072	----a-w-	C:\Program Files (x86)\7zG.exe
2010-11-18 19:10:48	740352	----a-w-	C:\Program Files (x86)\7zFM.exe
2010-11-18 19:08:50	86016	----a-w-	C:\Program Files (x86)\7-zip.dll
2010-11-18 19:08:30	284160	----a-w-	C:\Program Files (x86)\7z.exe
.
============= FINISH: 22:37:02,70 ===============

DDS.SCR Attach Log File
.
==== Installed Programs ======================
.
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
Bandisoft MPEG-1 Decoder
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help English
CleanMyPC - Registry Cleaner
Collectorz.com Movie Collector
Crystal Reports 2008 Runtime SP1
D3DX10
Driver Genius Professional Edition
FlashFXP v4.0
Fraps (remove only)
GOM Player
Google Chrome
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Merit Aktiva
Mesh Runtime
Messenger Companion
Messengeri kaaslane
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiPony 1.2.2
Mozilla Firefox (3.6.16)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
Opera 11.01
PCSX2 - Playstation 2 Emulator
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
Python 2.7.1
QuickTime
RapidShare Manager 2
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
Suite Shared Configuration CS4
Total Commander (Remove or Repair)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
uTorrentBar Toolbar
Veoh Web Player
Winamp
Winamp Detector Plug-in
Windows Live'i fotogalerii
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-i juhtelement kaugühendustele
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00
WinZip 15.0
VLC media player 1.1.7
.
==== End Of File ===========================

As far as GMER is concerned, when I open it, I can only choose Services, Registry, Files, C:\ and ADS from the Rootkit/Malware category. Other options are closed - meaning that I cannot (un)tick them, therefore I cannot scan all the required parts.

When scanning with GMER only one thing appears. I cannot save a log file or anything, but I can copy the result:
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-08 22:46:09
Windows 6.1.7600  
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows Live\Companion\viljarlumi@hotmail.com@e5150aaeac670cbbe758da4fd480526e\r\n  0x74 0xCF 0x7F 0x45 ...

I have taken some steps to fix my problem, but I really do not know what information could be helpful to you. All that I have done can be seen in this forum - http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/356758 I suppose when experts from this forum read that thread, they will understand it better than I could explain.

I'll be happy to give you any extra information. I hope you guys can help me.

Kind regards,
Viljar Lumi

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:51 PM

Posted 15 April 2011 - 01:48 PM

Hi, and sorry for the delay.

I see you have also run Combofix. Please post me the log at c:\combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise


Posted 21 April 2011 - 01:22 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise






