Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer won't reboot after using Malwarebytes


  • This topic is locked This topic is locked
2 replies to this topic

#1 leaird

leaird

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 10 February 2012 - 11:25 PM

I originally asked for help because my computer will no longer go to Google.com. Instead, it is redirected to Yahoo Search. I have discovered a bigger problem as I have been running scans on my computer. Malwarebytes found 3 viruses but I can't seem to get rid of them. When Malwarebytes restarts my computer, it gets stuck at startup. It is stuck at the screen with the hp symbol (In the bottom corner it says press esc for startup menu but pressing esc doesn't do anything). Since it gets stuck at the very beginning of the startup, I can't enter safe mode or anything. However, I can press the power button to restart the computer on my own and it will go through startup fine. Unfortunately, the viruses are still there every time. For some reason it just won't restart when Malwarebytes tells it to. The viruses are Trojan.agent (two of them listed) and RiskWare.Tool.CK.

Link to previous topic: http://www.bleepingcomputer.com/forums/topic442069.html/page__pid__2592748#entry2592748

I have run scans with Malwarebytes, Avast, Super Antispyware, and Windows Defender. Avast & Windows Defender came back clean. Super Antispyware found 52 items. I was instructed to follow steps 6 and up on the "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help". I ran DDS and have included the logs below. The GMER scan did not allow me to check all of the boxes that appeared in the picture on the preparation guide. Everything was greyed out and unclickable except Services, Registry, Files (I only selected C:\), and ADS. Once the GMER scan finished, I got the message "GMER hasn't found any system modification." There was no log to save.

I have an external harddrive that I can back all of my files up to. Is that safe to do or will the external also become infected? Assuming I can back all of my files up to the external, I would not be opposed to reformatting my computer if it would solve my problem. Thanks for your help!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Prentiss at 22:00:16 on 2012-02-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7990.5419 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Rosetta Stone\SMS v3.0hs\Service\JavaSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\system32\wbem\unsecapp.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Prentiss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFYHKIJI\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg1.mail.yahoo.com/neo/launch
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: PDFLite Toolbar Helper: {7413f9fc-8e54-4c93-beb7-1225eb0970ca} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: PDFLite Toolbar: {7c8aceeb-b1d8-43cc-a387-da838515368d} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\Prentiss\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8D32C87A-8576-4741-9B0E-67BF9980C427} - hxxp://tc.support.plato.com/WebUI/ConnectivityChecker.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}\052434D213 : DhcpNameServer = 192.168.73.10
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}\052434D233 : DhcpNameServer = 192.168.73.10
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}\25D455D434 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}\C456169627460223 : DhcpNameServer = 172.27.35.1
TCP: Interfaces\{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}\C65616962746 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{DD81F125-3041-4814-9089-B143D9E7CB5F} : NameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: PDFLite Toolbar Helper: {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll
BHO-X64: PDFLite Toolbar Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: PDFLite Toolbar: {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 94.63.240.132 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/10/19 19:20:09];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-9-2 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-5 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-9 40384]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-10-19 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-10-19 75048]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-10-19 292136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-10 652360]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-10-19 75248]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SMSv3hs;SMSv3hs;C:\Program Files (x86)\Rosetta Stone\SMS v3.0hs\service\JavaSrvc.exe [2006-4-21 65536]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]
R2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-8-2 267488]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-12-20 155552]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/16 02:15:42;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-16 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-16 136176]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-9 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-9 40384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-16 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-11 02:26:01 20480 ----a-w- C:\Windows\svchost.exe
2012-02-11 02:25:37 78848 ----a-w- C:\Windows\KMSEmulator.exe
2012-02-10 23:28:27 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27B43203-E295-4C2A-A128-0DE3E7CD0747}\mpengine.dll
2012-02-10 02:28:33 -------- d-----w- C:\Users\Prentiss\AppData\Roaming\SUPERAntiSpyware.com
2012-02-10 02:27:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-10 02:27:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-09 04:17:22 -------- d-----w- C:\Users\Prentiss\AppData\Roaming\Intuit
2012-02-09 04:14:08 -------- d-----w- C:\ProgramData\Intuit
2012-02-09 04:14:06 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-02-09 04:13:55 -------- d-----w- C:\Program Files (x86)\TurboTax
2012-02-09 00:42:49 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-08 16:17:35 -------- d-----w- C:\Users\Prentiss\AppData\Roaming\dBpoweramp
2012-02-08 14:00:47 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\65E2.tmp
2012-02-08 14:00:47 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\65E1.tmp
2012-01-27 04:46:27 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sugo3pc.dll
2012-01-25 05:24:19 -------- d-----w- C:\Users\Prentiss\AppData\Local\{5FD21E40-BEEF-4CA9-9909-40B0149F5F00}
2012-01-25 05:24:09 -------- d-----w- C:\Users\Prentiss\AppData\Local\{BAB513CD-32DF-4B3F-827A-8A745EC1CB64}
2012-01-24 15:35:57 -------- d-----w- C:\Users\Prentiss\AppData\Local\{B4464585-E9B5-4E3B-9646-25443FB70932}
2012-01-24 15:35:34 -------- d-----w- C:\Users\Prentiss\AppData\Local\{672879B6-CCA2-4534-8A46-74CB06251E28}
2012-01-22 00:34:58 -------- d-----w- C:\Program Files (x86)\History Education
2012-01-17 04:30:36 -------- d-----w- C:\Users\Prentiss\AppData\Local\{35A2EC26-C307-4D5F-87DF-E07DFC04820F}
2012-01-17 04:29:46 -------- d-----w- C:\Users\Prentiss\AppData\Local\{49B9DA76-F845-4326-901A-B64DBD20AE36}
2012-01-15 21:08:23 -------- d-----w- C:\Users\Prentiss\AppData\Local\{CCF84C68-E590-4B1E-836D-676E4DF9CA47}
2012-01-15 21:07:32 -------- d-----w- C:\Users\Prentiss\AppData\Local\{D1A8BFEE-EF0E-4EF2-BCE5-1EE598CC5C11}
.
==================== Find3M ====================
.
2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-22 01:13:18 3350 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-25 03:23:32 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2011-11-25 03:23:28 98616 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-24 04:45:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-09-02 18:03:28 730192 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
.
============= FINISH: 22:02:14.26 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2010 3:35:39 PM
System Uptime: 2/10/2012 9:24:39 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 144B
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz | CPU | 2534/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 574 GiB total, 357.359 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 3.214 GiB free.
E: is CDROM (UDF)
F: is FIXED (FAT32) - 0 GiB total, 0.082 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP256: 1/31/2012 7:08:52 PM - Windows Update
RP257: 2/3/2012 11:48:04 AM - Windows Update
RP258: 2/7/2012 10:06:22 AM - Windows Update
RP259: 2/8/2012 8:32:34 AM - Windows Update
RP260: 2/8/2012 7:43:05 PM - Installed HP Support Assistant
RP261: 2/8/2012 7:46:59 PM - Windows Modules Installer
RP262: 2/8/2012 7:48:02 PM - Windows Modules Installer
RP263: 2/8/2012 11:14:09 PM - Installed TurboTax 2011 wrapper
RP264: 2/8/2012 11:32:23 PM - Installed TurboTax 2011 wnciper
RP265: 2/9/2012 3:57:34 PM - Installed Java™ 6 Update 30
RP267: 2/9/2012 7:03:15 PM - Windows Defender Checkpoint
RP268: 2/9/2012 11:42:26 PM - Installed HiJackThis
RP269: 2/9/2012 11:43:15 PM - Installed HiJackThis
RP270: 2/10/2012 2:03:21 AM - Windows Update
RP271: 2/10/2012 6:27:21 PM - Windows Update
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
AI RoboForm (All Users)
American History Volume I The Great Depression
Apple Application Support
Apple Software Update
Ask Toolbar
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
ClosetMaid v1.5.2
Contents
CoreFLAC Audio Decoder+Source Filter (remove only)
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
Corel WinDVD 2010
CyberLink DVD Suite
CyberLink PowerDVD 11
D3DX10
dBpoweramp CD Writer
dBpoweramp DSP Effects
dBpoweramp Music Converter
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
DVD Rip Pack v3.1
DVDFab 8.1.2.6 (12/10/2011) Qt
Energy Star Digital Logo
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
Escape Rosecliff Island
ESU for Microsoft Windows 7
Express Zip File Compression Software
FATE
Final Drive Nitro
Fishdom - Frosty Splash
Free YouTube Downloader 3.3.115
GigaTribe 3.01.007
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block North Carolina 2010
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
Homeschool Tracker Plus
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
ICA
IDT Audio
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java Auto Updater
Java™ 6 Update 30
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Lizard Safeguard - PDF Viewer 2.5.152
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.60.1.1000
Media Cope 3.2
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft Office 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MPEG Video Wizard DVD 5.0.1.102 (06/2011)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Origin
Panda ActiveScan 2.0
Pdf995
PDFCreator
PdfEdit995
PDFlite 0.4
PDFLite Toolbar
PDFZilla V1.2.9
Penguins!
PhotoNow!
PhotoStage Slideshow Producer
Plants vs. Zombies
PocketCloud Windows Companion
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Prism Video File Converter
PSPPContent
PSPPRO_DCRAW
PureHD
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Rosetta Stone Version 3
Roxio CinemaNow 2.0
Safari
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Setup
Share
Signature995
SmartMusic 2012
SpeedFan (remove only)
StartNow Toolbar
Student Management System v3.0hs
swMSM
Tapestry of Grace Go to Egypt
TightVNC 2.0.4
Times Reader
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VIO
Virtual Families
Virtual Villagers - The Secret City
VirtualCloneDrive
VLC media player 1.1.11
VSClassic
VSPro
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR 4.10 (32-bit)
WinX DVD Ripper Platinum API 6.3.5
Writing Aids
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Year 4 Curriculum
Year 4 Evaluations
Year 4 Government
Year 4 Interface
Year 4 Lapbooks
Year 4 MapAids
Year 4 PopQuiz
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 5:15:03 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/9/2012 5:10:14 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/9/2012 2:26:44 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 6 time(s).
2/9/2012 12:09:21 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 5 time(s).
2/8/2012 5:19:55 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 3 time(s).
2/8/2012 4:27:08 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 2 time(s).
2/8/2012 11:52:07 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 4 time(s).
2/7/2012 8:34:42 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
2/7/2012 1:42:04 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 10 time(s).
2/6/2012 9:22:35 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 7 time(s).
2/6/2012 4:58:00 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 9 time(s).
2/6/2012 1:55:33 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 8 time(s).
2/6/2012 1:14:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAVID that believes that it is the master browser for the domain on transport NetBT_Tcpip_{04DDE38C-9CCF-4A97-BFB5-DC461DA6353D}. The master browser is stopping or an election is being forced.
2/6/2012 1:09:08 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "78ACC0435727" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
2/10/2012 9:22:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2012 9:21:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/10/2012 9:15:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2012 9:15:36 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
2/10/2012 9:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/10/2012 9:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/10/2012 9:15:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/10/2012 9:15:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/10/2012 9:15:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache ElbyCDIO pavboot SASDIFSV SASKUTIL spldr Wanarpv6
2/10/2012 8:33:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
2/10/2012 7:59:00 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
2/10/2012 7:11:57 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 11.0 Service service terminated unexpectedly. It has done this 1 time(s).
2/10/2012 12:20:11 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Prentiss-HP\Prentiss SID (S-1-5-21-1570668562-2312987351-1966760199-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/10/2012 12:11:04 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Prentiss-HP\Prentiss SID (S-1-5-21-1570668562-2312987351-1966760199-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/10/2012 12:11:04 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Prentiss-HP\Prentiss SID (S-1-5-21-1570668562-2312987351-1966760199-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 PM

Posted 14 February 2012 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The infection has changed you HOSTS file.
Restore the MS file now.

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please run the aswMBR tool again and post the log for my review.

Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:20 PM

Posted 20 February 2012 - 11:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users