Infected with Win32:DNS Changer-VJ [Trj]/ZAccess rootkit/Google redirect


This topic is locked
7 replies to this topic

#1 kumokuraudo

  • Members
  • 5 posts

Posted 03 June 2012 - 07:06 PM

I keep getting redirected when I search for things on Google and click URLs.

I tried running GMER and it opened, but I could not select or deselect some of the boxes.
The only boxes I could select or deselect were Services, Registry, Files, C:, D:, and ADS.

Here is the other topic I made if it helps any: http://www.bleepingcomputer.com/forums/topic455172.html

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owner at 18:11:23 on 2012-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1138 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\Launcher_Main.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp64&d=1006&m=aspire_x1700
uStart Page = hxxp://search.babylon.com/?affID=112477&tt=100512_1_&babsrc=HP_ss&mntrId=d842ac720000000000000021976b9079
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Codecv Class: {e5a28d35-44eb-3aa3-ef60-f75740909514} - C:\ProgramData\Codecv\bhoclass.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [EPSON NX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\Windows\TEMP\E_S415.tmp" /EF "HKCU"
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [AdobeBridge]
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [emsisoftantimalwaresetup] "C:\Users\Owner\AppData\Local\Temp\EmsisoftAntiMalwareSetup.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AQUARI~1.LNK - C:\Program Files (x86)\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: link = 00000000
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{5AF4F6FB-79E9-4410-9E03-1DEA0456932E} : NameServer = 8.8.8.8,4.2.2.1
TCP: Interfaces\{5AF4F6FB-79E9-4410-9E03-1DEA0456932E} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Codecv Class: {E5A28D35-44EB-3AA3-EF60-F75740909514} - C:\ProgramData\Codecv\bhoclass.dll
BHO-X64: Codecv - No File
TB-X64: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun-x64: [emsisoftantimalwaresetup] "C:\Users\Owner\AppData\Local\Temp\EmsisoftAntiMalwareSetup.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fink8o8m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fink8o8m.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-5-23 41728]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-5-23 14720]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-5-23 3045688]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-11-29 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-11-29 24576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-29 654408]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-24 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-6-2 24652]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-5-23 63880]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-1-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-1-1 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-22 129976]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-02 21:33:56 -------- d-----w- C:\ProgramData\Creative Labs
2012-06-02 20:39:03 -------- d-----w- C:\Users\Owner\dwhelper
2012-06-02 18:30:03 -------- d-----w- C:\Users\Owner\AppData\Local\{15E070B1-4663-4863-8FCB-49C142BF1AFE}
2012-06-02 18:29:50 -------- d-----w- C:\Users\Owner\AppData\Local\{A06EE87D-2A72-480F-9770-7D7295D26097}
2012-06-02 06:37:44 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-06-02 06:34:07 -------- d-----w- C:\Program Files (x86)\MarmosetToolbag
2012-06-02 06:29:19 -------- d-----w- C:\Users\Owner\AppData\Local\{9FA210B9-F128-49A4-B898-81A9AB65511D}
2012-06-02 06:29:05 -------- d-----w- C:\Users\Owner\AppData\Local\{E1CB914C-10B6-4784-BC6B-2305B543F649}
2012-06-01 18:28:49 -------- d-----w- C:\Users\Owner\AppData\Local\{40AC1E93-49A5-4EC2-935C-57B05176E271}
2012-06-01 18:28:37 -------- d-----w- C:\Users\Owner\AppData\Local\{43075596-251A-474B-B358-4DF5126A4FAE}
2012-05-30 07:06:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-29 21:01:22 -------- d-----w- C:\Users\Owner\AppData\Local\{07ED6551-7543-4802-8F68-8AECCB36DF5B}
2012-05-29 21:01:09 -------- d-----w- C:\Users\Owner\AppData\Local\{045F9AB2-DDF7-4E43-9325-A1EB742A18A4}
2012-05-29 20:22:06 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-05-29 19:04:08 -------- d-----w- C:\Program Files (x86)\Audacity
2012-05-29 05:24:05 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-29 05:24:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-26 19:14:25 -------- d-----w- C:\Users\Owner\AppData\Local\{F7AF2754-514B-4D9F-A7F1-AF3AFDA1D1AD}
2012-05-26 19:14:10 -------- d-----w- C:\Users\Owner\AppData\Local\{3A1C6245-3AB2-491D-802F-C1A13C0ABD61}
2012-05-25 21:11:13 -------- d-----w- C:\Users\Owner\AppData\Local\{30831FA4-7D54-4C97-97D3-CD20891961F2}
2012-05-25 21:10:47 -------- d-----w- C:\Users\Owner\AppData\Local\{B150215F-37AA-4044-9826-1BA33EE43114}
2012-05-25 19:05:53 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2012-05-25 19:05:53 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2012-05-25 19:05:51 -------- d-----w- C:\Program Files (x86)\DNSChanger Trojan Removal Tool
2012-05-25 19:05:30 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-05-25 03:43:57 -------- d-----w- C:\_OTM
2012-05-24 06:24:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Screaming Bee
2012-05-24 06:21:30 -------- d-----w- C:\Program Files (x86)\Screaming Bee
2012-05-24 05:57:35 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-24 05:57:35 -------- d-----w- C:\Program Files\AVAST Software
2012-05-23 20:17:54 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-05-23 15:22:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-05-23 15:21:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-22 20:57:56 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2012-05-22 18:07:36 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-21 05:51:47 -------- d-----w- C:\ProgramData\Graboid Inc
2012-05-21 05:51:40 -------- d-----w- C:\Users\Owner\AppData\Local\Geckofx
2012-05-21 05:50:49 -------- d-----w- C:\Program Files (x86)\Graboid
2012-05-21 02:13:11 -------- d-----w- C:\Users\Owner\AppData\Local\Opera
2012-05-20 23:07:39 -------- d-----w- C:\Windows\SysWow64\C2MP
2012-05-20 23:03:10 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2012-05-20 22:52:33 -------- d-----w- C:\ProgramData\xml_param
2012-05-20 22:51:10 155136 ----a-w- C:\Windows\SysWow64\AI_ContextMenu.dll
2012-05-20 22:43:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Aimersoft Video Converter Ultimate
2012-05-20 22:43:45 -------- d-----w- C:\Users\Owner\AppData\Local\Aimersoft
2012-05-20 22:43:44 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2012-05-20 22:41:17 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-05-20 22:41:14 -------- d-----w- C:\Program Files (x86)\Aimersoft
2012-05-20 21:12:14 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-05-19 22:18:05 -------- d-----w- C:\ProgramData\Premium
2012-05-19 22:18:02 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-05-19 22:17:46 -------- d-----w- C:\Users\Owner\AppData\Local\Babylon
2012-05-19 22:17:45 -------- d-----w- C:\ProgramData\Babylon
2012-05-19 22:17:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Babylon
2012-05-19 22:15:51 -------- d-----w- C:\ProgramData\Codecv
2012-05-19 22:15:30 -------- d-----w- C:\ProgramData\InstallMate
2012-05-19 00:33:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-18 22:59:27 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-05-18 21:59:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-18 21:59:22 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-18 21:59:22 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-18 21:59:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-18 21:59:22 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-18 21:59:22 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-18 21:59:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-18 21:49:44 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-18 21:49:43 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-18 21:49:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-18 21:49:39 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-18 21:49:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-18 21:49:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-18 21:49:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-18 21:49:34 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-18 21:49:34 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-18 21:48:55 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-18 21:48:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-18 21:48:55 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-18 21:48:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-18 21:48:33 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-18 21:46:36 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-18 21:46:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 21:46:34 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-18 21:46:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-18 21:46:34 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-18 21:46:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-18 02:04:09 -------- d-----w- C:\Program Files (x86)\ChronoTriggerTextEditor
2012-05-09 05:11:18 -------- d-----w- C:\Users\Owner\AppData\Local\{7F575BAB-843A-4251-96BA-F844527F9255}
2012-05-09 05:11:07 -------- d-----w- C:\Users\Owner\AppData\Local\{488255FC-7630-4C55-988D-E9119AC2A4C1}
2012-05-08 12:13:49 -------- d-----w- C:\Users\Owner\AppData\Local\{C8762ED1-CEE7-41AC-B68B-DD118D65845A}
2012-05-08 12:13:37 -------- d-----w- C:\Users\Owner\AppData\Local\{D2EEA7C9-C5D8-4AA2-B5B6-1ABEF27EEA7E}
2012-05-08 00:13:09 -------- d-----w- C:\Users\Owner\AppData\Local\{673669B8-B988-4974-83A8-5D76AF9CFD65}
2012-05-08 00:12:58 -------- d-----w- C:\Users\Owner\AppData\Local\{07816403-66D6-4632-972B-2F55DDCA49A6}
2012-05-07 01:05:00 -------- d-----w- C:\Users\Owner\AppData\Local\SplitMediaLabs
2012-05-07 01:04:12 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-05-07 01:04:12 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-05-07 01:03:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\SplitMediaLabs
2012-05-07 00:22:40 -------- d-----w- C:\Users\Owner\AppData\Local\{ED055D07-8397-444B-A23C-C342841C3F69}
2012-05-07 00:22:28 -------- d-----w- C:\Users\Owner\AppData\Local\{21885052-B5C2-4EAC-AB79-3C62AF21BF32}
2012-05-06 12:21:53 -------- d-----w- C:\Users\Owner\AppData\Local\{A975336B-4F9B-41DC-B0DF-AF7D17AA4ADA}
2012-05-06 12:21:41 -------- d-----w- C:\Users\Owner\AppData\Local\{EEB40737-3C8E-47AC-9528-2D86B775DBAB}
2012-05-06 12:21:27 -------- d-----w- C:\Users\Owner\AppData\Roaming\Windows Live Writer
2012-05-06 12:21:27 -------- d-----w- C:\Users\Owner\AppData\Local\Windows Live Writer
2012-05-06 03:38:29 -------- d-----w- C:\Users\Owner\AppData\Local\Unity
2012-05-05 23:03:14 -------- d-----w- C:\Users\Owner\AppData\Local\{E4177ED2-8071-4BF6-A469-144C799C9D42}
2012-05-05 23:03:02 -------- d-----w- C:\Users\Owner\AppData\Local\{EF4B1D0D-8501-4BD2-9A3F-703308D5041F}
2012-05-05 21:31:58 -------- d-----w- C:\Users\Owner\AppData\Local\{78E595DC-6AA2-43A9-8DAB-FB0CB6B33E6E}
2012-05-05 21:31:46 -------- d-----w- C:\Users\Owner\AppData\Local\{D5237876-C20D-4B90-B2A6-9CEEFD5F101F}
2012-05-05 21:30:55 -------- d-----w- C:\Windows\en
2012-05-05 21:27:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-05 21:25:25 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-05 21:21:25 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3ea5c701cd2b0504\bingbarsetup.exe
2012-05-05 21:21:03 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f98ab8b01cd2b0403\MeshBetaRemover.exe
2012-05-05 21:20:57 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f5a679a01cd2b0402\DSETUP.dll
2012-05-05 21:20:57 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f5a679a01cd2b0402\DXSETUP.exe
2012-05-05 21:20:57 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f5a679a01cd2b0402\dsetup32.dll
2012-05-05 21:20:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0c871401cd2b0401\DSETUP.dll
2012-05-05 21:20:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0c871401cd2b0401\DXSETUP.exe
2012-05-05 21:20:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f0c871401cd2b0401\dsetup32.dll
.
==================== Find3M ====================
.
2012-05-18 21:53:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 21:53:43 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 09:03:13 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-22 20:14:52 4376576 ----a-w- C:\Windows\System32\ffdshow.ax
2012-04-22 20:14:18 3515392 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2012-04-22 20:14:14 4489728 ----a-w- C:\Windows\System32\ffmpeg.dll
2012-04-22 20:12:22 4424704 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2012-04-08 23:47:28 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2012-04-08 23:47:14 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-04-08 23:46:24 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2012-04-08 23:45:58 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2012-04-08 23:45:58 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2012-04-08 23:45:58 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2012-04-08 23:45:56 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2012-04-08 23:45:56 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2012-04-08 23:45:56 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2012-04-08 23:45:54 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2012-04-08 23:40:36 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-04-08 23:39:46 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2012-04-08 23:39:32 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2012-04-08 23:39:32 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2012-04-08 23:39:30 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2012-04-08 23:39:30 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2012-04-08 23:39:28 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2012-04-08 23:39:28 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2012-04-08 23:39:26 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
2012-03-29 14:23:54 775168 ----a-w- C:\Windows\System32\LAVVideo.ax
2012-03-29 14:23:54 555520 ----a-w- C:\Windows\System32\LAVSplitter.ax
2012-03-29 14:23:50 248832 ----a-w- C:\Windows\System32\LAVAudio.ax
2012-03-29 14:23:46 202240 ----a-w- C:\Windows\System32\libbluray.dll
2012-03-29 14:23:40 6757091 ----a-w- C:\Windows\System32\avcodec-lav-54.dll
2012-03-29 14:23:40 399620 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2012-03-29 14:23:40 214711 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2012-03-29 14:23:40 133299 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2012-03-29 14:23:40 1167294 ----a-w- C:\Windows\System32\avformat-lav-54.dll
2012-03-29 14:21:32 606720 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2012-03-29 14:21:32 462848 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2012-03-29 14:21:28 217600 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2012-03-29 14:21:26 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
2012-03-29 14:21:18 6582226 ----a-w- C:\Windows\SysWow64\avcodec-lav-54.dll
2012-03-29 14:21:18 374152 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2012-03-29 14:21:18 207872 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
2012-03-29 14:21:18 144523 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
2012-03-29 14:21:18 1152365 ----a-w- C:\Windows\SysWow64\avformat-lav-54.dll
2012-03-27 15:08:52 267264 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2012-03-27 15:08:24 348160 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-03-13 01:56:40 947472 ----a-w- C:\Windows\SysWow64\msjava.dll
2012-03-08 23:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 23:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 18:14:25.68 ===============
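A small triage helper, added here as an example (it is not part of the thread and not DDS's own code): it parses the Created/Find3M lines of the log above and lists files created inside driver and system directories within a window before the scan, which is one way a responder narrows down a log like this. The sample lines are copied from the log above; the scan time, the 30-day window and the directory list are assumptions.

```python
import re
from datetime import datetime, timedelta

# One DDS "Created"/"Find3M" entry: <date> <time> <size or dashes> <attrs> <path>
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$"
)
# Locations where a freshly created driver or DLL deserves a closer look (assumed list).
SENSITIVE_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
)

# Sample input: lines copied from the DDS log above.
SAMPLE_LOG = r"""
2012-05-05 21:27:57 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-05 21:25:25 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-05-18 21:53:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 21:53:43 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-22 20:14:52 4376576 ----a-w- C:\Windows\System32\ffdshow.ax
"""

# Assumed scan time (the "Run by Owner at ..." header of the log).
SCAN_TIME = datetime(2012, 6, 3, 18, 11, 23)


def parse_dds_entries(text):
    """Return one dict per recognised entry; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append({
            "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": "d" in attrs,  # DDS puts 'd' in the attribute field for directories
            "path": path,
        })
    return entries


def flag_recent_system_files(entries, scan_time=SCAN_TIME, days=30):
    """Files created within `days` of the scan in a sensitive directory, newest first."""
    cutoff = scan_time - timedelta(days=days)
    hits = [e for e in entries
            if not e["is_dir"] and e["when"] >= cutoff
            and e["path"].rsplit("\\", 1)[0].lower() in SENSITIVE_DIRS]
    return sorted(hits, key=lambda e: e["when"], reverse=True)
```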


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:43 PM

Posted 04 June 2012 - 08:09 AM

Greetings kumokuraudo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 04 June 2012 - 09:51 PM

Greetings kumokuraudo,


Thank you for allowing me the time to review the information provided, including the investigation conducted by Boopme.

I have provided an initial step for you to perform but I must first advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections [ZeroAccess] is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your Master Boot Record (MBR). For this you will need a USB flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Would you like to continue cleaning your computer?
  • FRST.txt

Gary

#4 Oh My!


Posted 07 June 2012 - 09:41 PM

Greetings kumokuraudo,


===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#5 kumokuraudo

kumokuraudo
  • Topic Starter

Posted 10 June 2012 - 02:46 AM

Yes, I would like to keep cleaning my PC. Give me a day to get the USB flash drive please. Sorry about the late post. Thank you so much for all the help. :)

#6 Oh My!


Posted 10 June 2012 - 08:05 AM

Greetings kumokuraudo,

No problem at all, thanks for letting me know. When you are all set to go we will still be here to help you.
Gary

#7 Oh My!


Posted 15 June 2012 - 09:16 PM

Greetings kumokuraudo,

===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:43 PM

Posted 19 June 2012 - 02:45 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
