Please help - Cycbot infection found


  • This topic is locked
8 replies to this topic

#1 OhCrud

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 06 January 2012 - 12:27 AM

Hi folks, I'm reposting my problem here as per Broni's request (sorry, new here, didn't know it should go here)

Microsoft Security Essentials picked up a few cycbot.B and cycbot.G infections over the last 3 days, as well as Fareit.gen!C, Iframe.AC, and Fareit the day before. I also noticed a few .exe's named things like 69A.exe and AAE.exe in the running Processes when MSE first notified me of the Cycbot infections; MSE took care of them a bit later.

I ran a full scan on MSE last night but this morning a few new infections were found, and my browsers' proxy settings were tampered with. I'm assuming the infection occurred 3 days ago or so, when I connected to an unsecured wireless network, but I'm not sure (Is there a way to figure out when the infection actually occurred?)

I'm running Windows 7 Home Premium 64-bit, firewalled with Windows Firewall. I often use Chrome and Firefox. I ran a full scan with MSE last night but new ones popped up again this morning. Running a new scan as we speak, and downloading HijackThis.

Can someone help me figure out what next steps I should take? This is my personal laptop and I have personal info of all kinds on here. I've just changed my passwords to my email and banking sites (using a diff. computer - my wife's Mac - but it's on the same home network), and I'd like to avoid doing a complete re-format as I've never done it before and it seems v. time-consuming, but if I have to in order to keep using this computer I'm willing to do so.

Also, should I back up my files now, or would backing them up just infect whatever else I use? I can burn to DVDs or to an external HD, but that external HD has all my other backups on it (unfortunately a few months old). If I can, will Windows 7's backup tool do the trick?

Thanks for your help. Could really use some suggestions on what next steps to take.
*A


OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Genuine Intel® CPU U2300 @ 1.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3998 Mb
Graphics Card: Mobile Intel® 4 Series Express Chipset Family, 1807 Mb
Hard Drives: C: Total - 140236 MB, Free - 8591 MB;
Motherboard: Acer, Base Board Product Name
Antivirus: Microsoft Security Essentials, Updated and Enabled

Also, my browsers' proxy settings changed (just this morning, happened right after MSE quarantined a cycbot infection), but I changed the proxy settings back.

Also, I looked through my computer's event logs, and found that the last time I performed a full scan using MSE was on December 7 (approx. one month ago), but MSE has been constantly updating and has been on the whole time. It makes some sense to me that the infections began two days ago, as I had just connected to an unsecured network that day, I believe. Is it a fairly safe bet that MSE caught these as they were happening and thus I probably don't need to cancel my credit cards and all that?

Thanks in advance for any help you can provide, and any suggestions on what steps I should take to protect my personal info and my computer.


As per Broni's request, here is the DDS log (didn't do GMER since I'm running 64-bit Windows 7 Home Premium)


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by arnie at 21:14:15 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2020 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

I also saw this thread, and since my problem looks similar, I've followed Nasdaq's suggestions as far as they go (unfortunately the thread is unresolved).

Just ran a new MSE full scan before doing Defogger, restarting, and running the DDS log you see in the previous post. However, earlier today I ran a MBAM quick scan (MBAM log 1 below), and I just ran it again (log 2 below; it seems reassuring! yes?). I've kept MSE running real-time protection this whole time.

Thanks in advance for your help!


MBAM log 1 (earlier today)

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
arnie :: ARNIEFUL [administrator]

Protection: Enabled

1/5/2012 12:47:16 PM
mbam-log-2012-01-05 (12-47-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178216
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\arnie\AppData\Local\Temp\ICReinstall\cnet_PangoBright_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

MBAM log 2 (just did now)

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
arnie :: ARNIEFUL [administrator]

Protection: Enabled

1/5/2012 9:37:08 PM
mbam-log-2012-01-05 (21-37-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178745
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I'm realizing this may be silly, but I just want to make sure the timeline is clear in case it has any bearing on the issue. Since I began worrying about these infections this morning, I have done:

-MSE full scan (picked up additional cycbots and cleaned suspicious .exe files from running processes)
-DDS
-MBAM quick scan running concurrently with new MSE full scan (I aborted the MSE b/c it was taking too long, but MSE picked up a new cycbot.G while MBAM quick scan was still running). MBAM picked up this:
C:\Users\arnie\AppData\Local\Temp\ICReinstall\cnet_PangoBright_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
-new MSE full scan (clean! yay!...?)
-defogger + restart
-DDS
-MBAM

hope running multiple scans doesn't mess things up...

Edited by boopme, 06 January 2012 - 01:57 PM.
Merged 4 posts..



#2 HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • Gender:Male

Posted 12 January 2012 - 12:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436548 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 OhCrud

  • Topic Starter

  • Members
  • 14 posts

Posted 12 January 2012 - 08:44 PM

I still need help - I'm ready if necessary to reformat. None of my information has been compromised as far as I can tell, and I've changed all my passwords. I have my factory-reset CDs and a recovery CD, but I do not have my original Windows 7 cd/dvd (came pre-installed).

Also, I noticed that when I tried to use uTorrent in the last few days, MSE picked up a cycbot, but didn't before or since.


My DDS log is below.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by arnie at 17:36:47 on 2012-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.1591 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ZuneLauncher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.8.2.0_0\plugin\ClickClean.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files (x86)\ZuneWlanCfgSvc.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2656351-x64.exe
c:\71d0d66b4a32ae9603f9\Setup.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56182
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [8EA5DC038E5DF8EDCEF1038BDEFC4FB89F05D748._service_run] "C:\Users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\arnie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\2456C6B696E6F574F575962756C6563737F5 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\44F62796F60275962756C656373702E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\4556160234861696024556 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{68BDEB1C-49F1-4369-A2C8-2074BFCD5D60}\B4149514 : DhcpNameServer = 192.168.2.1 192.168.2.1 76.14.0.9 76.14.0.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\arnie\AppData\Roaming\Mozilla\Firefox\Profiles\uhlrqdqd.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|https://www.google.com/finance/portfolio|http://www.google.com/calendar/render?pli=1|http://www.google.com/ig|facebook.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\arnie\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\arnie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\arnie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\arnie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-20 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-5 652872]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-8-20 253952]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-20 240160]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-5 136176]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-4 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-5 136176]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\nmwcdx64.sys --> C:\Windows\system32\drivers\nmwcdx64.sys [?]
S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files (x86)\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-13 01:36:39 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44F7A5B2-242D-407D-BF06-355D7579CD2B}\offreg.dll
2012-01-13 01:36:31 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44F7A5B2-242D-407D-BF06-355D7579CD2B}\mpengine.dll
2012-01-13 01:34:28 -------- d-----w- C:\71d0d66b4a32ae9603f9
2012-01-11 06:20:30 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 06:20:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-10 05:32:18 -------- d-----w- C:\Program Files (x86)\Magical Jelly Bean
2012-01-05 20:36:21 -------- d-----w- C:\Users\arnie\AppData\Roaming\Malwarebytes
2012-01-05 20:36:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-05 20:36:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-05 20:36:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-03 13:26:32 -------- d-----w- C:\Program Files (x86)\LP
2012-01-03 05:01:26 -------- d-----w- C:\Users\arnie\AppData\Roaming\5EC1C
2012-01-03 05:01:16 -------- d-----w- C:\Users\arnie\AppData\Roaming\F475E
2011-12-21 05:55:29 -------- d-----w- C:\Users\arnie\AppData\Local\HerraizSoto
2011-12-21 05:50:45 -------- d-----w- C:\Program Files (x86)\HerraizSoto
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-23 00:25:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-08-05 20:56:34 645856 ----a-w- C:\Program Files (x86)\UIX.renderapi.dll
2011-08-05 20:56:34 1530592 ----a-w- C:\Program Files (x86)\UIX.dll
2011-08-05 20:56:34 1288928 ----a-w- C:\Program Files (x86)\UIXcontrols.dll
2011-08-05 20:56:34 1272544 ----a-w- C:\Program Files (x86)\ZuneShell.dll
2011-08-05 20:56:34 1175264 ----a-w- C:\Program Files (x86)\ZuneDBApi.dll
2011-08-05 20:31:32 182784 ----a-w- C:\Program Files (x86)\l3codecp.acm
2011-06-06 21:48:50 856576 ----a-w- C:\Program Files (x86)\msvcp90.dll
2011-06-06 21:48:50 626688 ----a-w- C:\Program Files (x86)\msvcr90.dll
2011-06-06 21:48:50 245760 ----a-w- C:\Program Files (x86)\msvcm90.dll
2007-10-02 22:12:44 1642568 ----a-w- C:\Program Files (x86)\msidcrl40.dll
.
============= FINISH: 17:40:02.31 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 13 January 2012 - 09:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This proxy setting looks suspicious.

uInternet Settings,ProxyServer = http=127.0.0.1:56182

Did you set this up?
Ask your internet provider if you need it.

If not needed remove it.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:56182 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
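
An added triage helper, written for this edit and not part of the thread or of any BleepingComputer tool: it scans DDS/ComboFix-style report lines for the two indicators nasdaq singles out, a `ProxyServer` value that points browser traffic at the loopback address (the `127.0.0.1:56182` entry quoted above) and the short hex-named folders under `AppData\Roaming` that the DDS log lists as created on the day the infection appeared. It also reports Firefox's `network.proxy.type` when it is set to manual. The sample lines are constructed to mirror the logs posted in this thread; the function names and the 4-to-8-hex-character folder heuristic are assumptions of this example, not anything the helper stated.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the layout of the DDS and ComboFix reports posted
# in this thread (the ProxyServer line mirrors the entry nasdaq flagged).
SAMPLE_LOG = r"""
uStart Page = hxxp://mail.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:56182
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: network.proxy.type - 0
2012-01-03 05:01:26 -------- d-----w- C:\Users\arnie\AppData\Roaming\5EC1C
2012-01-03 05:01:16 -------- d-----w- C:\Users\arnie\AppData\Roaming\F475E
2012-01-05 20:36:21 -------- d-----w- C:\Users\arnie\AppData\Roaming\Malwarebytes
2012-01-03 05:01 . 2012-01-05 17:19 -------- d-----w- c:\users\arnie\AppData\Roaming\5EC1C
"""

# DDS prefixes the IE proxy line with "u" (HKCU) or "m" (HKLM).
PROXY_SERVER_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)")
FF_PROXY_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")
# Directory entries in both DDS ("Created Last 30") and ComboFix layouts end in
# "-------- d-----w- <path>"; files carry a size and "----a-w-" instead.
CREATED_DIR_RE = re.compile(r"\s-------- d\S+ (.+)$")
# Assumed heuristic: 4-8 uppercase hex characters, like the 5EC1C / F475E folders above.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{4,8}$")
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}


def parse_proxy_server(value):
    """Split a ProxyServer registry value into (scheme, host, port) tuples.

    Accepts both the bare "host:port" form and the per-protocol
    "http=host:port;https=host:port" form.  A missing port yields None.
    """
    entries = []
    for part in value.split(";"):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
            port = int(port) if port.isdigit() else None
        else:
            host, port = hostport, None
        entries.append((scheme or "all", host, port))
    return entries


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (finding_kind, detail) tuples for one report."""
    findings = []
    seen_dirs = set()
    for line in log_text.splitlines():
        m = PROXY_SERVER_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            for scheme, host, port in parse_proxy_server(m.group(2)):
                kind = "loopback-proxy" if is_loopback(host) else "proxy-set"
                findings.append((kind, f"{hive} {scheme} -> {host}:{port}"))
            continue
        m = FF_PROXY_TYPE_RE.match(line)
        if m:
            if FF_PROXY_TYPES.get(int(m.group(1)), "unknown") == "manual":
                findings.append(("firefox-manual-proxy", line))
            continue
        m = CREATED_DIR_RE.search(line)
        if m:
            path = m.group(1)
            parts = path.split("\\")
            key = path.lower()
            if (len(parts) >= 2 and parts[-2].lower() == "roaming"
                    and HEX_NAME_RE.match(parts[-1]) and key not in seen_dirs):
                seen_dirs.add(key)
                findings.append(("hex-named-roaming-dir", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

A loopback proxy on an unusual high port is the pattern to look for here: the browser's traffic is being routed through a process on the same machine before it leaves, which is why the helper asks whether the user set it up and, if not, has it removed and the browser put back on auto-detect. A 127.0.0.1 proxy is also legitimate for some local filtering tools, so the finding is a prompt to identify the listening process, not a verdict on its own.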

#5 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 13 January 2012 - 09:50 PM

Hi Nasdaq,

Thanks for your help - I really appreciate it. I followed the instructions you gave me, and turned off my wireless connection, MBAM, MSE real-time protection, and even windows firewall. However, combofix kept saying that MSE was still active (even though MSE itself was red and said real-time protection was off). I went ahead and let combofix run anyway, and it took a while, and then restarted the computer, but then I couldn't run any programs or use any of my desktop shortcuts (kept saying something about missing/unavailable registry keys). I couldn't even turn MSE back on, IE explorer, firefox, securitycheck, whatever wouldn't execute when I 2x clicked their icons.

I decided to do a system restore, and try combofix over again. I did, and same thing happened, so I did a system restore again. I've pasted the combofix log from the first time here, and attached the second time's log.

Please let me know what you think I should do. At this point I'm ready to just reset to factory. On the bright side, the proxy settings didn't come back.

As to Security Check, I'm not sure this is what you intended, but I've posted its results at the end (I ran Security Check after running ComboFix and system-restoring twice).


ComboFix 12-01-13.05 - arnie 01/13/2012 16:44:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2648 [GMT -8:00]
Running from: c:\users\arnie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\background.jpg
c:\program files (x86)\LP
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 01:06 . 2012-01-14 01:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FCE958B-CA5C-40B5-B6BA-BE48BFCD885C}\offreg.dll
2012-01-14 01:04 . 2012-01-14 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 00:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FCE958B-CA5C-40B5-B6BA-BE48BFCD885C}\mpengine.dll
2012-01-13 07:05 . 2012-01-13 07:05 -------- d-----w- c:\program files (x86)\Black Market
2012-01-10 05:32 . 2012-01-10 05:32 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\users\arnie\AppData\Roaming\Malwarebytes
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 20:36 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 05:01 . 2012-01-05 17:19 -------- d-----w- c:\users\arnie\AppData\Roaming\5EC1C
2012-01-03 05:01 . 2012-01-05 17:19 -------- d-----w- c:\users\arnie\AppData\Roaming\F475E
2011-12-21 05:55 . 2011-12-21 05:55 -------- d-----w- c:\users\arnie\AppData\Local\HerraizSoto
2011-12-21 05:50 . 2011-12-21 05:50 -------- d-----w- c:\program files (x86)\HerraizSoto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 21:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:25 . 2011-07-15 12:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2009-12-22 05:41 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-05 05:41 . 2011-12-14 21:21 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:21 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:21 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 21:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-08-05 20:56 . 2011-08-05 20:56 645856 ----a-w- c:\program files (x86)\UIX.renderapi.dll
2011-08-05 20:56 . 2011-08-05 20:56 1530592 ----a-w- c:\program files (x86)\UIX.dll
2011-08-05 20:56 . 2011-08-05 20:56 1288928 ----a-w- c:\program files (x86)\UIXcontrols.dll
2011-08-05 20:56 . 2011-08-05 20:56 1272544 ----a-w- c:\program files (x86)\ZuneShell.dll
2011-08-05 20:56 . 2011-08-05 20:56 1175264 ----a-w- c:\program files (x86)\ZuneDBApi.dll
2011-08-05 20:53 . 2011-08-05 20:53 74464 ----a-w- c:\program files (x86)\ZuneShellExt.dll
2011-08-05 20:53 . 2011-08-05 20:53 507104 ----a-w- c:\program files (x86)\ZuneSP.dll
2011-08-05 20:53 . 2011-08-05 20:53 467680 ----a-w- c:\program files (x86)\ZuneWlanCfgSvc.exe
2011-08-05 20:53 . 2011-08-05 20:53 4020448 ----a-w- c:\program files (x86)\ZuneSetup.exe
2011-08-05 20:53 . 2011-08-05 20:53 366816 ----a-w- c:\program files (x86)\ZuneSrcWrp.dll
2011-08-05 20:53 . 2011-08-05 20:53 306400 ----a-w- c:\program files (x86)\WMZuneComm.exe
2011-08-05 20:53 . 2011-08-05 20:53 27872 ----a-w- c:\program files (x86)\WMZuneTCP2UDP.dll
2011-08-05 20:53 . 2011-08-05 20:53 21216 ----a-w- c:\program files (x86)\WMZuneDTPTDNS.dll
2011-08-05 20:53 . 2011-08-05 20:53 196832 ----a-w- c:\program files (x86)\ZuneZMDB.Mobile.dll
2011-08-05 20:53 . 2011-08-05 20:53 18656 ----a-w- c:\program files (x86)\WMZuneCommProxyStub.dll
2011-08-05 20:53 . 2011-08-05 20:53 17632 ----a-w- c:\program files (x86)\ZuneShare.exe
2011-08-05 20:53 . 2011-08-05 20:53 16921312 ----a-w- c:\program files (x86)\ZuneShellResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 157920 ----a-w- c:\program files (x86)\ZuneZMDB.Library.dll
2011-08-05 20:53 . 2011-08-05 20:53 157408 ----a-w- c:\program files (x86)\ZuneZMDB.ZuneHD.dll
2011-08-05 20:53 . 2011-08-05 20:53 152288 ----a-w- c:\program files (x86)\ZuneZMDB.Classic.dll
2011-08-05 20:53 . 2011-08-05 20:53 100064 ----a-w- c:\program files (x86)\ZuneTaskbar.dll
2011-08-05 20:53 . 2011-08-05 20:53 916704 ----a-w- c:\program files (x86)\ZuneQP.dll
2011-08-05 20:53 . 2011-08-05 20:53 683744 ----a-w- c:\program files (x86)\ZuneSH.dll
2011-08-05 20:53 . 2011-08-05 20:53 514272 ----a-w- c:\program files (x86)\ZuneSE.dll
2011-08-05 20:53 . 2011-08-05 20:53 3889376 ----a-w- c:\program files (x86)\ZuneResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 155872 ----a-w- c:\program files (x86)\ZuneSA.dll
2011-08-05 20:53 . 2011-08-05 20:53 1257184 ----a-w- c:\program files (x86)\ZuneService.dll
2011-08-05 20:53 . 2011-08-05 20:53 879328 ----a-w- c:\program files (x86)\ZuneMBR.dll
2011-08-05 20:53 . 2011-08-05 20:53 8277728 ----a-w- c:\program files (x86)\ZuneNss.exe
2011-08-05 20:53 . 2011-08-05 20:53 72928 ----a-w- c:\program files (x86)\ZuneDXVA2.dll
2011-08-05 20:53 . 2011-08-05 20:53 707808 ----a-w- c:\program files (x86)\ZUNEMP4SDECD.dll
2011-08-05 20:53 . 2011-08-05 20:53 61664 ----a-w- c:\program files (x86)\ZuneCfg.dll
2011-08-05 20:53 . 2011-08-05 20:53 56544 ----a-w- c:\program files (x86)\ZuneConfig.exe
2011-08-05 20:53 . 2011-08-05 20:53 38624 ----a-w- c:\program files (x86)\ZuneEnc.exe
2011-08-05 20:53 . 2011-08-05 20:53 376544 ----a-w- c:\program files (x86)\ZuneEvr.dll
2011-08-05 20:53 . 2011-08-05 20:53 35552 ----a-w- c:\program files (x86)\UIXsup.dll
2011-08-05 20:53 . 2011-08-05 20:53 347872 ----a-w- c:\program files (x86)\ZuneNssci.dll
2011-08-05 20:53 . 2011-08-05 20:53 223968 ----a-w- c:\program files (x86)\Zune.exe
2011-08-05 20:53 . 2011-08-05 20:53 218848 ----a-w- c:\program files (x86)\ZuneHost.exe
2011-08-05 20:53 . 2011-08-05 20:53 212192 ----a-w- c:\program files (x86)\ZuneDB.dll
2011-08-05 20:53 . 2011-08-05 20:53 2110176 ----a-w- c:\program files (x86)\ZuneEncEng.dll
2011-08-05 20:53 . 2011-08-05 20:53 20704 ----a-w- c:\program files (x86)\ZunePS.dll
2011-08-05 20:53 . 2011-08-05 20:53 1752288 ----a-w- c:\program files (x86)\UIXrender.dll
2011-08-05 20:53 . 2011-08-05 20:53 163552 ----a-w- c:\program files (x86)\ZuneLauncher.exe
2011-08-05 20:53 . 2011-08-05 20:53 1481440 ----a-w- c:\program files (x86)\ZuneCore.dll
2011-08-05 20:53 . 2011-08-05 20:53 131296 ----a-w- c:\program files (x86)\ZunePresenter.dll
2011-08-05 20:53 . 2011-08-05 20:53 129248 ----a-w- c:\program files (x86)\ZuneEffects.dll
2011-08-05 20:53 . 2011-08-05 20:53 121056 ----a-w- c:\program files (x86)\ZuneAACDec.dll
2011-08-05 20:53 . 2011-08-05 20:53 1184480 ----a-w- c:\program files (x86)\ZuneH264Dec.dll
2011-08-05 20:53 . 2011-08-05 20:53 1161440 ----a-w- c:\program files (x86)\ZuneMde.dll
2011-08-05 20:53 . 2011-08-05 20:53 1096928 ----a-w- c:\program files (x86)\ZuneMarketplaceResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 10061536 ----a-w- c:\program files (x86)\ZuneNativeLib.dll
2011-08-05 20:31 . 2011-08-05 20:31 182784 ----a-w- c:\program files (x86)\l3codecp.acm
2011-06-06 21:48 . 2011-06-06 21:48 856576 ----a-w- c:\program files (x86)\msvcp90.dll
2011-06-06 21:48 . 2011-06-06 21:48 626688 ----a-w- c:\program files (x86)\msvcr90.dll
2011-06-06 21:48 . 2011-06-06 21:48 245760 ----a-w- c:\program files (x86)\msvcm90.dll
2007-10-02 22:12 . 2007-10-02 22:12 1642568 ----a-w- c:\program files (x86)\msidcrl40.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"8EA5DC038E5DF8EDCEF1038BDEFC4FB89F05D748._service_run"="c:\users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 1047024]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-17 825864]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-06 210216]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\users\arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-20 708608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-1 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files (x86)\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 08:50]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 08:50]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228029637-333984442-100353009-1001Core.job
- c:\users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 17:44]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228029637-333984442-100353009-1001UA.job
- c:\users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 17:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-31 200704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Zune Launcher"="c:\program files (x86)\ZuneLauncher.exe" [2011-08-05 163552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\arnie\AppData\Roaming\Mozilla\Firefox\Profiles\uhlrqdqd.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|https://www.google.com/finance/portfolio|http://www.google.com/calendar/render?pli=1|http://www.google.com/ig|facebook.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-01-13 17:13:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-14 01:13
.
Pre-Run: 9,759,809,536 bytes free
Post-Run: 10,045,116,416 bytes free
.
- - End Of File - - 89C21A40F11F85A0361C87BD87C141AC





Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 15
Java™ 6 Update 26
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 8.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

ah, also, I didn't set up that proxy server, but I deleted the settings and it hasn't come back. Thanks again Nasdaq, I really appreciate your help.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 14 January 2012 - 09:48 AM

Open notepad and copy/paste the text in the quote box below into it:

DDS::
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

ClearJavaCache::

DirLook::
c:\users\arnie\AppData\Roaming\5EC1C
c:\users\arnie\AppData\Roaming\F475E



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.



Java™ 6 Update 15
Java™ 6 Update 26


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Please read this article and decide if you want to keep the Coupon plugins.
http://www.mydigitallife.info/remove-and-uninstall-coupons-couponbar-and-coupon-printer-plugin/
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll


Please post the ComboFix log and let me know what problem persists.

#7 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 15 January 2012 - 01:52 PM

Hi Nasdaq,

I ran combofix again by dragging the script .txt onto it, but again when it rebooted no programs would start when I double-clicked on them, so I did another system restore. Here's the combofix log.

Do you think I should use the recovery CDs to reset to factory settings?

*a


ComboFix 12-01-13.05 - arnie 01/15/2012 9:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2480 [GMT -8:00]
Running from: c:\users\arnie\Desktop\ComboFix.exe
Command switches used :: c:\users\arnie\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
.
.
2012-01-15 17:36 . 2012-01-15 17:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7F819B0-40DA-40FF-A3FA-544AAAEF5D31}\offreg.dll
2012-01-15 17:35 . 2012-01-15 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 07:05 . 2012-01-13 07:05 -------- d-----w- c:\program files (x86)\Black Market
2012-01-10 05:32 . 2012-01-10 05:32 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\users\arnie\AppData\Roaming\Malwarebytes
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 20:36 . 2012-01-05 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 20:36 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 05:01 . 2012-01-05 17:19 -------- d-----w- c:\users\arnie\AppData\Roaming\5EC1C
2012-01-03 05:01 . 2012-01-05 17:19 -------- d-----w- c:\users\arnie\AppData\Roaming\F475E
2011-12-21 05:55 . 2011-12-21 05:55 -------- d-----w- c:\users\arnie\AppData\Local\HerraizSoto
2011-12-21 05:50 . 2011-12-21 05:50 -------- d-----w- c:\program files (x86)\HerraizSoto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 21:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 00:25 . 2011-07-15 12:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2009-12-22 05:41 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-05 05:41 . 2011-12-14 21:21 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:21 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:21 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 21:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-08-05 20:56 . 2011-08-05 20:56 645856 ----a-w- c:\program files (x86)\UIX.renderapi.dll
2011-08-05 20:56 . 2011-08-05 20:56 1530592 ----a-w- c:\program files (x86)\UIX.dll
2011-08-05 20:56 . 2011-08-05 20:56 1288928 ----a-w- c:\program files (x86)\UIXcontrols.dll
2011-08-05 20:56 . 2011-08-05 20:56 1272544 ----a-w- c:\program files (x86)\ZuneShell.dll
2011-08-05 20:56 . 2011-08-05 20:56 1175264 ----a-w- c:\program files (x86)\ZuneDBApi.dll
2011-08-05 20:53 . 2011-08-05 20:53 74464 ----a-w- c:\program files (x86)\ZuneShellExt.dll
2011-08-05 20:53 . 2011-08-05 20:53 507104 ----a-w- c:\program files (x86)\ZuneSP.dll
2011-08-05 20:53 . 2011-08-05 20:53 467680 ----a-w- c:\program files (x86)\ZuneWlanCfgSvc.exe
2011-08-05 20:53 . 2011-08-05 20:53 4020448 ----a-w- c:\program files (x86)\ZuneSetup.exe
2011-08-05 20:53 . 2011-08-05 20:53 366816 ----a-w- c:\program files (x86)\ZuneSrcWrp.dll
2011-08-05 20:53 . 2011-08-05 20:53 306400 ----a-w- c:\program files (x86)\WMZuneComm.exe
2011-08-05 20:53 . 2011-08-05 20:53 27872 ----a-w- c:\program files (x86)\WMZuneTCP2UDP.dll
2011-08-05 20:53 . 2011-08-05 20:53 21216 ----a-w- c:\program files (x86)\WMZuneDTPTDNS.dll
2011-08-05 20:53 . 2011-08-05 20:53 196832 ----a-w- c:\program files (x86)\ZuneZMDB.Mobile.dll
2011-08-05 20:53 . 2011-08-05 20:53 18656 ----a-w- c:\program files (x86)\WMZuneCommProxyStub.dll
2011-08-05 20:53 . 2011-08-05 20:53 17632 ----a-w- c:\program files (x86)\ZuneShare.exe
2011-08-05 20:53 . 2011-08-05 20:53 16921312 ----a-w- c:\program files (x86)\ZuneShellResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 157920 ----a-w- c:\program files (x86)\ZuneZMDB.Library.dll
2011-08-05 20:53 . 2011-08-05 20:53 157408 ----a-w- c:\program files (x86)\ZuneZMDB.ZuneHD.dll
2011-08-05 20:53 . 2011-08-05 20:53 152288 ----a-w- c:\program files (x86)\ZuneZMDB.Classic.dll
2011-08-05 20:53 . 2011-08-05 20:53 100064 ----a-w- c:\program files (x86)\ZuneTaskbar.dll
2011-08-05 20:53 . 2011-08-05 20:53 916704 ----a-w- c:\program files (x86)\ZuneQP.dll
2011-08-05 20:53 . 2011-08-05 20:53 683744 ----a-w- c:\program files (x86)\ZuneSH.dll
2011-08-05 20:53 . 2011-08-05 20:53 514272 ----a-w- c:\program files (x86)\ZuneSE.dll
2011-08-05 20:53 . 2011-08-05 20:53 3889376 ----a-w- c:\program files (x86)\ZuneResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 155872 ----a-w- c:\program files (x86)\ZuneSA.dll
2011-08-05 20:53 . 2011-08-05 20:53 1257184 ----a-w- c:\program files (x86)\ZuneService.dll
2011-08-05 20:53 . 2011-08-05 20:53 879328 ----a-w- c:\program files (x86)\ZuneMBR.dll
2011-08-05 20:53 . 2011-08-05 20:53 8277728 ----a-w- c:\program files (x86)\ZuneNss.exe
2011-08-05 20:53 . 2011-08-05 20:53 72928 ----a-w- c:\program files (x86)\ZuneDXVA2.dll
2011-08-05 20:53 . 2011-08-05 20:53 707808 ----a-w- c:\program files (x86)\ZUNEMP4SDECD.dll
2011-08-05 20:53 . 2011-08-05 20:53 61664 ----a-w- c:\program files (x86)\ZuneCfg.dll
2011-08-05 20:53 . 2011-08-05 20:53 56544 ----a-w- c:\program files (x86)\ZuneConfig.exe
2011-08-05 20:53 . 2011-08-05 20:53 38624 ----a-w- c:\program files (x86)\ZuneEnc.exe
2011-08-05 20:53 . 2011-08-05 20:53 376544 ----a-w- c:\program files (x86)\ZuneEvr.dll
2011-08-05 20:53 . 2011-08-05 20:53 35552 ----a-w- c:\program files (x86)\UIXsup.dll
2011-08-05 20:53 . 2011-08-05 20:53 347872 ----a-w- c:\program files (x86)\ZuneNssci.dll
2011-08-05 20:53 . 2011-08-05 20:53 223968 ----a-w- c:\program files (x86)\Zune.exe
2011-08-05 20:53 . 2011-08-05 20:53 218848 ----a-w- c:\program files (x86)\ZuneHost.exe
2011-08-05 20:53 . 2011-08-05 20:53 212192 ----a-w- c:\program files (x86)\ZuneDB.dll
2011-08-05 20:53 . 2011-08-05 20:53 2110176 ----a-w- c:\program files (x86)\ZuneEncEng.dll
2011-08-05 20:53 . 2011-08-05 20:53 20704 ----a-w- c:\program files (x86)\ZunePS.dll
2011-08-05 20:53 . 2011-08-05 20:53 1752288 ----a-w- c:\program files (x86)\UIXrender.dll
2011-08-05 20:53 . 2011-08-05 20:53 163552 ----a-w- c:\program files (x86)\ZuneLauncher.exe
2011-08-05 20:53 . 2011-08-05 20:53 1481440 ----a-w- c:\program files (x86)\ZuneCore.dll
2011-08-05 20:53 . 2011-08-05 20:53 131296 ----a-w- c:\program files (x86)\ZunePresenter.dll
2011-08-05 20:53 . 2011-08-05 20:53 129248 ----a-w- c:\program files (x86)\ZuneEffects.dll
2011-08-05 20:53 . 2011-08-05 20:53 121056 ----a-w- c:\program files (x86)\ZuneAACDec.dll
2011-08-05 20:53 . 2011-08-05 20:53 1184480 ----a-w- c:\program files (x86)\ZuneH264Dec.dll
2011-08-05 20:53 . 2011-08-05 20:53 1161440 ----a-w- c:\program files (x86)\ZuneMde.dll
2011-08-05 20:53 . 2011-08-05 20:53 1096928 ----a-w- c:\program files (x86)\ZuneMarketplaceResources.dll
2011-08-05 20:53 . 2011-08-05 20:53 10061536 ----a-w- c:\program files (x86)\ZuneNativeLib.dll
2011-08-05 20:31 . 2011-08-05 20:31 182784 ----a-w- c:\program files (x86)\l3codecp.acm
2011-06-06 21:48 . 2011-06-06 21:48 856576 ----a-w- c:\program files (x86)\msvcp90.dll
2011-06-06 21:48 . 2011-06-06 21:48 626688 ----a-w- c:\program files (x86)\msvcr90.dll
2011-06-06 21:48 . 2011-06-06 21:48 245760 ----a-w- c:\program files (x86)\msvcm90.dll
2007-10-02 22:12 . 2007-10-02 22:12 1642568 ----a-w- c:\program files (x86)\msidcrl40.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\arnie\AppData\Roaming\5EC1C ----
.
.
---- Directory of c:\users\arnie\AppData\Roaming\F475E ----
.
2012-01-03 05:01 . 2012-01-05 06:59 14160 ----a-w- c:\users\arnie\AppData\Roaming\F475E\EC1C.475
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"8EA5DC038E5DF8EDCEF1038BDEFC4FB89F05D748._service_run"="c:\users\arnie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-05 1047024]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-17 825864]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-06 210216]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\users\arnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-20 708608]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-1 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-15 183560]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files (x86)\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 08:50]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 08:50]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228029637-333984442-100353009-1001Core.job
- c:\users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 17:44]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-228029637-333984442-100353009-1001UA.job
- c:\users\arnie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 17:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\arnie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-31 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Zune Launcher"="c:\program files (x86)\ZuneLauncher.exe" [2011-08-05 163552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_1410&r=273610093416l0363z1m5w47k1r87s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\arnie\AppData\Roaming\Mozilla\Firefox\Profiles\uhlrqdqd.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|https://www.google.com/finance/portfolio|http://www.google.com/calendar/render?pli=1|http://www.google.com/ig|facebook.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-01-15 09:45:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-15 17:45
ComboFix2.txt 2012-01-14 02:19
ComboFix3.txt 2012-01-14 01:13
.
Pre-Run: 10,028,875,776 bytes free
Post-Run: 10,008,981,504 bytes free
.
- - End Of File - - 1B38A693A9C9509D9F940DAA8F7673C8

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 January 2012 - 08:36 AM

Do you think I should use the recovery CDs to reset to factory settings?


Yes I think you should.

You cannot continue to restore a good service point.

Keep me posted.

#9 OhCrud

OhCrud
  • Topic Starter

  • Members
  • 14 posts

Posted 16 January 2012 - 06:11 PM

OK - will do. I'll let you know how it goes!
