Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SMART HDD and Backdoor.Multi.Zaccess.Gen


  • This topic is locked This topic is locked
6 replies to this topic

#1 pokerchris

pokerchris

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 16 April 2012 - 05:12 PM

I was infected with the SMART HDD and followed all steps in several different posts to remove it. It seemed as though I was cured and then noticed that I was having Slow and Redirection when using Google. I ran TDSSKILLER again and noticed that it was still detecting backdoor.multi.zaccess.gen. It did not give me an option to "CURE" so I followed the directions and just skipped. I have tried several things and am still unable to fix this issue. I am running Windows 7 64 BIT. Please find my DDS logs below. I did not run GMER since it stated that it was only for 32 Bit systems.


Thank you for any and all assistance.

Chris


DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jennifer at 18:00:16 on 2012-04-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1053 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
C:\Users\Jennifer\Downloads\tdsskiller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B5013C32-FE5D-4B74-B63C-35DB2FD92EE9} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B5013C32-FE5D-4B74-B63C-35DB2FD92EE9}\2656C6B696E653437623 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSviA64.sys [2011-6-25 488056]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-20 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-14 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-1-18 995744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2320920]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-12 136824]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/02/20 01:47:37;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-12-6 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-2 136176]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-12 2425960]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 253088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-2 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-2 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-16 21:34:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 20:28:24 110080 ----a-r- C:\Users\Jennifer\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-04-16 20:28:24 110080 ----a-r- C:\Users\Jennifer\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-04-16 20:28:24 110080 ----a-r- C:\Users\Jennifer\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-04-16 20:28:23 -------- d-----w- C:\sh4ldr
2012-04-16 20:28:23 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-16 20:27:39 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-16 20:27:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-14 20:19:39 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2012-04-14 20:19:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-14 20:19:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-14 20:19:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 19:48:25 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2012-04-14 19:48:03 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-14 19:48:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-14 19:47:03 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Tific
2012-04-14 19:47:02 -------- d-----w- C:\Users\Jennifer\AppData\Local\Symantec
2012-04-14 19:44:49 879714 ----a-w- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Network Shortcuts\SecurityCheck.exe
2012-04-14 19:18:57 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-14 19:17:50 -------- d-----we C:\Windows\system64
2012-04-13 23:39:25 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 20:21:05 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-12 19:43:46 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 19:43:45 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 19:43:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 19:43:42 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 19:43:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 19:43:40 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 19:43:40 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 21:35:05 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-03 21:35:05 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-03 21:35:05 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-03 21:35:05 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-03 21:35:05 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-03 21:35:05 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-03 21:34:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207010.003
2012-03-29 12:18:07 -------- d-----w- C:\Users\Jennifer\AppData\Local\{9869D27A-D794-49CF-88BF-B5CFFCAF1BAA}
2012-03-29 00:17:55 -------- d-----w- C:\Users\Jennifer\AppData\Local\{5B43857B-984F-4342-B520-C199E421927B}
2012-03-28 11:47:14 -------- d-----w- C:\Users\Jennifer\AppData\Local\{65EB0E87-F860-46D6-927A-30763D0F9E5B}
2012-03-28 11:47:02 -------- d-----w- C:\Users\Jennifer\AppData\Local\{B120A078-2385-4CE4-974D-C20450FFE57E}
2012-03-27 13:09:48 -------- d-----w- C:\Users\Jennifer\AppData\Local\{6AFC94D9-1959-42D5-9E07-AD91FC116839}
2012-03-27 13:09:37 -------- d-----w- C:\Users\Jennifer\AppData\Local\{EE33C3F5-687B-4405-92D2-42157F703EA1}
2012-03-27 01:09:21 -------- d-----w- C:\Users\Jennifer\AppData\Local\{6AEB439A-4BAD-4A2D-816D-6BE5290C3A85}
2012-03-27 01:09:09 -------- d-----w- C:\Users\Jennifer\AppData\Local\{CFEEFA33-075F-4BE4-95E7-24E0D9ECE4DE}
2012-03-26 13:08:53 -------- d-----w- C:\Users\Jennifer\AppData\Local\{E656FA6C-4D70-4651-9E99-933D016E0A9E}
2012-03-26 13:08:41 -------- d-----w- C:\Users\Jennifer\AppData\Local\{567B2845-8A9F-4CE4-A517-67E48862C403}
2012-03-26 01:08:27 -------- d-----w- C:\Users\Jennifer\AppData\Local\{BF542F46-8DE0-4C50-A50A-D6067F5F3929}
2012-03-26 01:08:15 -------- d-----w- C:\Users\Jennifer\AppData\Local\{C164C796-BDA4-4CC8-946E-C13E12882292}
2012-03-25 13:08:01 -------- d-----w- C:\Users\Jennifer\AppData\Local\{0F278CD1-FFE0-460F-9697-AA5995154CE6}
2012-03-25 13:07:48 -------- d-----w- C:\Users\Jennifer\AppData\Local\{AE23F3AE-4B69-4767-B968-5C8C872F27E6}
2012-03-25 01:07:26 -------- d-----w- C:\Users\Jennifer\AppData\Local\{EE6E4D1C-1B76-4666-ABC2-AA0CCD8DB366}
2012-03-25 01:07:13 -------- d-----w- C:\Users\Jennifer\AppData\Local\{2C9E4A21-8FA3-4AD1-9C92-0D667635A4AF}
2012-03-24 13:06:57 -------- d-----w- C:\Users\Jennifer\AppData\Local\{4E9C4FB7-7B41-4A29-83F1-9FAAC764572B}
2012-03-24 13:06:44 -------- d-----w- C:\Users\Jennifer\AppData\Local\{C33765F0-B071-47D9-B5A2-3CA84E67B65C}
2012-03-24 01:06:30 -------- d-----w- C:\Users\Jennifer\AppData\Local\{24840F31-A2BC-4807-93BF-CB197B12792B}
2012-03-24 01:06:18 -------- d-----w- C:\Users\Jennifer\AppData\Local\{98B84CB6-9866-4E75-8B9A-DA246507D319}
2012-03-23 13:06:01 -------- d-----w- C:\Users\Jennifer\AppData\Local\{5189437F-BAE8-4790-9750-AD0964DEDE29}
2012-03-23 13:05:48 -------- d-----w- C:\Users\Jennifer\AppData\Local\{CDC569DC-F0B6-4817-8F8C-A753CCFEFE08}
2012-03-22 23:54:06 -------- d-----w- C:\Users\Jennifer\AppData\Local\{4945A32D-D4DA-45B4-B703-107125A8F74C}
2012-03-22 23:53:55 -------- d-----w- C:\Users\Jennifer\AppData\Local\{BA66862D-453C-44A0-B30C-2BC75758F30E}
2012-03-22 11:53:42 -------- d-----w- C:\Users\Jennifer\AppData\Local\{292E5E94-1E10-435D-9601-193291E8376C}
2012-03-22 11:53:31 -------- d-----w- C:\Users\Jennifer\AppData\Local\{7D809FDA-8601-49F8-A8BC-91A79E9A2D8D}
2012-03-21 16:14:16 -------- d-----w- C:\Users\Jennifer\AppData\Local\{A41B3F6D-4C22-43EE-996A-6527E5DF8FE7}
2012-03-21 16:14:03 -------- d-----w- C:\Users\Jennifer\AppData\Local\{B7E2E4E8-D82F-4024-B394-DF34016E245F}
2012-03-20 23:59:16 -------- d-----w- C:\Users\Jennifer\AppData\Local\{CC648D3E-6EFE-4307-8249-EE526B902131}
2012-03-20 23:58:59 -------- d-----w- C:\Users\Jennifer\AppData\Local\{3B90FB10-14E6-4B91-841C-20ACC69C3771}
2012-03-20 11:53:01 -------- d-----w- C:\Users\Jennifer\AppData\Local\{E46010DC-D3F0-4C60-934F-2CCD2C7D07D9}
2012-03-20 11:52:48 -------- d-----w- C:\Users\Jennifer\AppData\Local\{5D286C33-13EA-4CAC-81EA-6EC74DA16848}
2012-03-19 13:01:48 -------- d-----w- C:\Users\Jennifer\AppData\Local\{4F6364BE-0641-489E-9384-80D6CF85F43D}
2012-03-19 13:01:37 -------- d-----w- C:\Users\Jennifer\AppData\Local\{9CD9FA89-E64F-4300-8183-915966F2AEBC}
2012-03-19 01:01:20 -------- d-----w- C:\Users\Jennifer\AppData\Local\{F5478AAF-5462-4DCF-B3F1-85FB3A0A3C4E}
2012-03-19 01:01:08 -------- d-----w- C:\Users\Jennifer\AppData\Local\{162B7B7C-3E9E-44DB-9F5F-059E732EB1C5}
2012-03-18 13:00:54 -------- d-----w- C:\Users\Jennifer\AppData\Local\{99512D03-594D-4F90-AD5C-88937D5487ED}
2012-03-18 13:00:41 -------- d-----w- C:\Users\Jennifer\AppData\Local\{A83ADBED-94F9-4222-9ACA-D5DA006710C1}
2012-03-17 22:39:43 -------- d-----w- C:\Users\Jennifer\AppData\Local\{DD7A4456-CB04-45B9-9F3F-E929BB733FC5}
2012-03-17 22:39:32 -------- d-----w- C:\Users\Jennifer\AppData\Local\{132627D7-8E69-488B-8BBB-79EDF003EAC3}
.
==================== Find3M ====================
.
2012-04-13 23:39:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:43:21 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 18:01:58.60 ===============



ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2011 11:31:24 AM
System Uptime: 4/16/2012 5:16:58 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 166A
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | CPU | 2533/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 377.112 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.83 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP95: 3/24/2012 1:12:55 AM - Scheduled Checkpoint
RP96: 3/30/2012 8:05:35 AM - HPSF Applying updates
RP97: 3/30/2012 8:08:11 AM - Removed HP Quick Launch
RP98: 3/30/2012 8:08:59 AM - Installed HP Quick Launch
RP99: 4/12/2012 3:42:06 PM - Windows Update
RP100: 4/16/2012 4:27:47 PM - Installed SpyHunter
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AmericasCardroom.net
Apple Application Support
Apple Software Update
Ask Toolbar
Bejeweled
Bejeweled 2 Deluxe
Bejeweled 3
Bejeweled Twist
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
BodogPoker
Borders Desktop
Bounce Symphony
BufferChm
Build-a-lot 2
C310
Cake Mania
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 2.1
Canon MX860 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Chuzzle Deluxe
Clue Classic (remove only)
Cook'n Deluxe
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
HPSSupply
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 30
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Monopoly (remove only)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muppet_SS_Av25 Screen Saver
Mystery P.I. - The London Caper
Norton Internet Security
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
PokerStars.net
Polar Bowler
Polar Golfer
Power2Go
PS_AIO_07_C310_SW_Min
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Veetle TV
Virtual Families
Virtual Villagers 4 - The Tree of Life
WebReg
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/16/2012 5:19:08 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
4/16/2012 5:19:08 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
4/16/2012 5:18:15 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/16/2012 5:18:04 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
4/16/2012 5:17:46 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/16/2012 5:17:45 PM, Error: Service Control Manager [7023] - The Stltrk2k service terminated with the following error: The system cannot find the file specified.
4/16/2012 5:17:45 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/16/2012 5:17:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/16/2012 4:28:37 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 2 time(s).
4/16/2012 12:36:54 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
4/14/2012 4:04:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2012 4:04:03 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
4/14/2012 4:04:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/14/2012 4:04:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/14/2012 4:04:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/14/2012 4:03:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/14/2012 4:03:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS Wanarpv6
4/14/2012 4:03:44 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2012 4:03:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/14/2012 3:32:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/11/2012 6:43:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
4/11/2012 6:43:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/10/2012 2:15:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:14 PM

Posted 16 April 2012 - 05:22 PM

Hello pokerchris ! Welcome to BleepingComputer Forums! :welcome:

My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used be the attacker for malicious purposes. Rootkits are used be Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bepasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:




We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:


Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi

cXfZ4wS.png


#3 pokerchris

pokerchris
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 16 April 2012 - 07:40 PM

I ran combofix and it completed everything. Once I rebooted I started receiving some error messages which I think may have been related to programs on startup. It locked up at the point that it stated it was preparing the log file. I don't believe it ever created the logfile. Should I try running combofix again?

#4 pokerchris

pokerchris
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 16 April 2012 - 07:46 PM

I did find this combofix.txt file not sure if this is the one it created or not.

ComboFix 12-04-16.02 - Jennifer 04/16/2012 18:32:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1456 [GMT -4:00]
Running from: C:\Users\Jennifer\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:14 PM

Posted 17 April 2012 - 04:52 AM

Hi,



Let's try this:



Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]


Regards,
Georgi

cXfZ4wS.png


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:14 PM

Posted 18 April 2012 - 04:20 PM

Hello,


It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.


Regards,
Georgi

cXfZ4wS.png


#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:14 PM

Posted 22 April 2012 - 04:32 AM

Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users