
Definitely been hacked, please help


This topic is locked
12 replies to this topic

#1 beesus

  • Members
  • 6 posts

Posted 12 June 2012 - 12:20 PM

Ok so my laptop has definitely had a lot of viruses for a while now and I've just been ignoring it, but today someone opened some chat program on my computer and started talking to me; while I was typing this they started moving my mouse and typing things as well, so apparently they have full access. I'm having a few other weird problems, like whenever I try to right click something my computer tries to install Ad-Aware instead of bringing up the right click menu. I'm pretty freaked out right now about this, so if anyone can help I'd be very appreciative.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

#2 beesus

  • Topic Starter
  • Members
  • 6 posts

Posted 12 June 2012 - 12:23 PM

Whoops, totally forgot the log file.

Scan saved at 12:22:22 PM, on 6/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
C:\Users\Jeff\AppData\Roaming\windefender.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Jeff\AppData\Local\Temp\vbc.exe
C:\Program Files (x86)\SoulseekNS\slsk.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKLM\..\Run: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
O4 - HKLM\..\Run: [dvdfc] C:\Users\Jeff\AppData\Roaming\local.exe
O4 - HKLM\..\Run: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
O4 - HKLM\..\Run: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
O4 - HKLM\..\Run: [Microsoft Windows] C:\Users\Jeff\AppData\Roaming\services.exe
O4 - HKCU\..\Run: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
O4 - HKCU\..\Run: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
O4 - HKCU\..\Run: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKCU\..\Run: [Microsoft Essentials] C:\Users\Jeff\AppData\Local\Temp\MsMpEng.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [JavaUpdtr] C:\Users\Jeff\AppData\Roaming\JavaUpdtr\90801.exe
O4 - HKLM\..\Policies\Explorer\Run: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
O4 - HKLM\..\Policies\Explorer\Run: [dvdfc] C:\Users\Jeff\AppData\Roaming\local.exe
O4 - HKLM\..\Policies\Explorer\Run: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
O4 - HKLM\..\Policies\Explorer\Run: [microsoft] C:\Users\Jeff\AppData\Roaming\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
O4 - HKCU\..\Policies\Explorer\Run: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKCU\..\Policies\Explorer\Run: [RFR5CMFGU7VZ] C:\Users\Jeff\AppData\Roaming\W3XGII4W.exe
O4 - HKCU\..\Policies\Explorer\Run: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - Unknown owner - C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13676 bytes
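
The HijackThis log above shows the pattern a responder checks first: binaries named after Windows system processes (lsass.exe, services.exe, MsMpEng.exe) launched from user-writable directories under AppData, registered in several autostart locations at once (Run, Policies\Explorer\Run, and the Winlogon UserInit chain). The following Python script is an added example, not a tool from BleepingComputer or from anyone in this thread: it parses lines in that shape, plus the equivalent mRun/mASetup/mPolicies lines that DDS prints, and tags those properties. The sample lines are constructed from entries quoted in the log; the tag names, the list of system-process names and the set of trusted root directories are the example's own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, shaped like the HijackThis (O4 / F2) and DDS
# (mRun / mASetup / mPolicies) lines quoted in this thread. The paths are
# copied from the posted logs; nothing here was collected from a live machine.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
O4 - HKLM\..\Policies\Explorer\Run: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
O4 - HKCU\..\Run: [Microsoft Essentials] C:\Users\Jeff\AppData\Local\Temp\MsMpEng.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Microsoft Windows] C:\Users\Jeff\AppData\Roaming\services.exe
mASetup: {A653304D-DE3F-FE4A-D5EB-ADA32CBC8BDA} - C:\Users\Jeff\AppData\Roaming\bot.exe
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Entry prefixes that describe something launched automatically.
AUTOSTART_RE = re.compile(r"^(O4 - |F2 - |[um](Run|ExplorerRun|ASetup|Winlogon))")
# A drive-letter path ending in .exe; quotes and commas end a path, so the
# UserInit chain "a.exe,b.exe" splits into two matches.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\r\n]*?\.exe', re.IGNORECASE)
UAC_OFF_RE = re.compile(r"EnableLUA\s*=\s*0\b")

# Names of Windows processes that only belong under the Windows or Program
# Files trees (list chosen for this example, not exhaustive).
SYSTEM_PROCESS_NAMES = {
    "lsass.exe", "services.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "smss.exe", "wininit.exe", "explorer.exe", "msmpeng.exe",
}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def classify_path(path: str) -> List[str]:
    """Tags describing why an autostart path deserves a second look."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    tags: List[str] = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        tags.append("autostart-from-user-writable-dir")
    if name in SYSTEM_PROCESS_NAMES and not low.startswith(TRUSTED_ROOTS):
        tags.append("system-process-name-outside-windows-dir")
    return tags


def analyze(log_text: str) -> List[Tuple[str, str]]:
    """Walk a HijackThis/DDS log and return (path_or_setting, tag) pairs."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if UAC_OFF_RE.search(line):
            # UAC switched off: every autostart below runs without a prompt.
            findings.append(("EnableLUA", "uac-disabled"))
            continue
        if not AUTOSTART_RE.match(line):
            continue
        paths = PATH_RE.findall(line)
        if "userinit=" in line.lower():
            # Winlogon normally runs only userinit.exe; anything appended to
            # the chain starts at every interactive logon.
            for extra in paths[1:]:
                findings.append((extra, "userinit-chain-extended"))
        for path in paths:
            for tag in classify_path(path):
                findings.append((path, tag))
    return findings


def report(findings: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group tags per path so one binary with several autostarts shows once."""
    grouped: Dict[str, set] = {}
    for key, tag in findings:
        grouped.setdefault(key, set()).add(tag)
    return {key: sorted(tags) for key, tags in grouped.items()}


if __name__ == "__main__":
    for key, tags in report(analyze(SAMPLE_LOG)).items():
        print(f"{key}\n    {', '.join(tags)}")
```

Run against the sample it reports the lsass.exe copy under AppData\Roaming\Microsoft once with all three tags, since the same file is wired into the Run keys and the UserInit chain, while the genuine C:\Windows\system32\userinit.exe and the Program Files entries produce nothing. The script deliberately ignores O23 service lines: the 32-bit HijackThis build cannot see the real System32 on 64-bit Windows because of file-system redirection, so the "(file missing)" notes against lsass.exe, spoolsv.exe and the other services in the log above are an artefact of that, not evidence of tampering. Location is the whole point of the name check, which is why the real lsass.exe in System32 is not flagged.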

#3 Oh My!

  • Malware Response Instructor
  • 37,033 posts
  • Location: California

Posted 12 June 2012 - 04:27 PM

Greetings beesus, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

  • Malware Response Instructor
  • 37,033 posts
  • Location: California

Posted 13 June 2012 - 01:43 PM

Greetings beesus,

Just wanted to let you know I have not forgotten you. I have reviewed the information you provided but I must wait for my mentor to approve the steps I would like you to take before I can post them.

Thank you for your patience and understanding.
Gary
 

#5 beesus

  • Topic Starter
  • Members
  • 6 posts

Posted 13 June 2012 - 01:47 PM

No problem, I'm just glad you're helping; the guy definitely still has access as of a few minutes ago.

#6 Oh My!

  • Malware Response Instructor
  • 37,033 posts
  • Location: California

Posted 13 June 2012 - 02:45 PM

Greetings beesus,


I would like you to perform an additional scan so we can take a deeper look into the state of your computer. Please complete the following.


===================================================


DDS by sUBs

--------------------

  • Please download DDS by sUBs from one of the following links. Save it to your desktop.

    * DDS.scr
    * DDS.pif

  • Double click on the Posted Image icon
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Two Notepad documents will open - DDS.txt and Attach.txt. Please copy and paste the results in your reply
  • Close the program window, and delete the program from your desktop
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • DDS.txt
  • Attach.txt

Gary
 

#7 beesus

  • Topic Starter
  • Members
  • 6 posts

Posted 14 June 2012 - 04:59 PM

Can't seem to download it from either source :\

#8 beesus

  • Topic Starter
  • Members
  • 6 posts

Posted 14 June 2012 - 05:03 PM

Ok, here we go, couldn't get it to download for a while.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Jeff at 17:00:00 on 2012-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.1477 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Jeff\AppData\Roaming\windefender.exe
C:\Users\Jeff\AppData\Roaming\Update.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe
C:\Windows\explorer.exe
C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
uRun: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
uRun: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
uRun: [Microsoft Essentials] C:\Users\Jeff\AppData\Local\Temp\MsMpEng.exe
uRun: [JavaUpdtr] C:\Users\Jeff\AppData\Roaming\JavaUpdtr\90801.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
mRun: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
mRun: [dvdfc] C:\Users\Jeff\AppData\Roaming\local.exe
mRun: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
mRun: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
mRun: [Microsoft Windows] C:\Users\Jeff\AppData\Roaming\services.exe
uExplorerRun: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
uExplorerRun: [RFR5CMFGU7VZ] C:\Users\Jeff\AppData\Roaming\W3XGII4W.exe
uExplorerRun: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
mExplorerRun: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
mExplorerRun: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
mExplorerRun: [dvdfc] C:\Users\Jeff\AppData\Roaming\local.exe
mExplorerRun: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
mExplorerRun: [microsoft] C:\Users\Jeff\AppData\Roaming\services.exe
mExplorerRun: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to Mp3 Converter - C:\Users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{36C595CD-F7A5-45F0-BCCD-FBE75E3E1F72} : DhcpNameServer = 172.16.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {A653304D-DE3F-FE4A-D5EB-ADA32CBC8BDA} - C:\Users\Jeff\AppData\Roaming\bot.exe
mASetup: {ABFB9CED-CF6C-ADDC-0ACD-FF22FFBDFFB8} - C:\Users\Jeff\AppData\Roaming\Update.exe
mASetup: {C8AF6FCB-834D-AF5C-0DDD-5C9C6A0D3E9D} - C:\Users\Jeff\AppData\Roaming\local.exe
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [MSWUpdate] C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
mRun-x64: [Windows Update] C:\Users\Jeff\AppData\Roaming\Update.exe
mRun-x64: [dvdfc] C:\Users\Jeff\AppData\Roaming\local.exe
mRun-x64: [WINSCP] C:\Users\Jeff\AppData\Roaming\bot.exe
mRun-x64: [WindowsDefender] C:\Users\Jeff\AppData\Roaming\windefender.exe
mRun-x64: [Microsoft Windows] C:\Users\Jeff\AppData\Roaming\services.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\duah186h.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jeff\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\WINDOWS\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 npf;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\WINDOWS\SMINST\BLService.exe [2008-6-10 341328]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S2 SBAMSvc;Ad-Aware;"C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" --> C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-6-10 193840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-22 89920]
S4 WDDMService;WDDMService;"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" --> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [?]
S4 WDFME;WD File Management Engine;"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" --> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [?]
S4 WDSC;WD File Management Shadow Engine;"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" --> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-12 19:01:22 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 19:01:21 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-09 10:20:00 -------- d-----w- C:\Users\Jeff\dwhelper
2012-06-09 09:41:07 388096 ----a-r- C:\Users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 09:41:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-08 22:12:29 -------- d-----w- C:\Users\Jeff\AppData\Roaming\.minecraft
2012-06-08 21:22:43 -------- d-----w- C:\Users\Jeff\AppData\Roaming\JavaUpdtr
2012-06-08 21:22:43 -------- d-----w- C:\Users\Jeff\AppData\Roaming\dclogs
2012-06-06 21:49:14 -------- d-----w- C:\Users\Jeff\AppData\Roaming\ManyCam
2012-06-05 09:56:00 -------- d-----w- C:\Users\Jeff\AppData\Roaming\BitTorrent
2012-06-04 20:36:45 46616 ----a-w- C:\Users\Jeff\AppData\Roaming\data.bin
2012-06-02 11:53:44 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-31 05:27:03 931840 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\veCUWVGWJwpBXebHiN.exe
2012-05-31 01:46:14 931840 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\DfIUkINJH.exe
2012-05-30 01:49:39 931840 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\bfPjh.exe
2012-05-30 01:43:02 212992 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\GwJUhRGVPSIvoiTFwKPwH.exe
2012-05-26 01:52:04 -------- d-----w- C:\ProgramData\ElectricSheep
2012-05-26 01:52:03 -------- d-----w- C:\Program Files (x86)\Electric Sheep
2012-05-23 00:56:47 960512 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\hNXivxSFqhsp.exe
2012-05-22 11:12:41 960512 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\nRcotVQ.exe
2012-05-22 06:19:33 960512 ----a-w- C:\Users\Jeff\AppData\Roaming\Microsoft\lFkKQlFWXrBBMtjBRaHaATCed.exe
2012-05-22 03:38:49 212992 --sh--r- C:\Users\Jeff\AppData\Roaming\Microsoft\lsass.exe
2012-05-20 03:20:36 -------- d-----w- C:\Users\Jeff\New Folder (9)
2012-05-20 02:24:20 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-06-02 11:53:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 21:38:27 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-05-21 21:38:26 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-05-21 21:38:26 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-05-21 21:22:23 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-05-21 21:22:22 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-13 16:04:41 49664 ----a-w- C:\Users\Jeff\AppData\Roaming\windefender.exe
2012-04-09 00:46:17 303710 ---h--w- C:\Users\Jeff\AppData\Roaming\Update.exe
2012-04-06 18:15:10 38632 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-01 22:43:06 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 17:00:57.89 ===============

and

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2009 5:17:57 AM
System Uptime: 6/14/2012 2:52:17 PM (3 hours ago)
.
Motherboard: Compal | | 30F4
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 0.368 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.863 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP932: 6/14/2012 3:36:43 AM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Photoshop Elements 6.0
Adobe Reader 8.3.1
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Alien Swarm
ANNO 2070
Apple Application Support
Apple Software Update
Ask Toolbar
Assassin's Creed II
Audiosurf
AVS Update Manager 1.0
Batman: Arkham Asylum
Bing Bar
BitTorrent
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Command & Conquer 3
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Dawn of War - Soulstorm
Dead Rising 2
Dead Space™
Debut Video Capture Software
Destinations
DeviceManagementQFolder
Diablo II
DivX Setup
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Driver Detective
Dual-Core Optimizer
EasyBits GO
Electric Sheep 2.7b34
eSupportQFolder
Fax
Free Audio CD Burner version 1.4.7
Free Video to Flash Converter version 4.7.24.426
Free Video to MP3 Converter version 4.3.1.718
Free YouTube to MP3 Converter version 3.10.8.815
Freecorder Toolbar
GameSpy Arcade
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0103
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
IDT Audio
Java Auto Updater
Java™ 6 Update 29
JMicron JMB38X Flash Media Controller
LabelPrint
League of Legends
LightScribe System Software 1.12.33.2
Lounge Lizard Session v3.1.4
Malwarebytes' Anti-Malware
ManyCam 2.6.65 (remove only)
MarketResearch
Mass Effect 2
Messenger Companion
Metal Gear Solid
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
MixMeister BPM Analyzer 1.0
Moonbase Alpha
MorphVOX Junior
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
NVIDIA PhysX
Oblivion
Opera 10.62
Pando Media Booster
Pcsx2 0.9.6
PhotoNow!
PoiZone
Portal 2
Power2Go
PowerDirector
PowerISO
Prism Video File Converter
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
R.U.S.E. Beta
Realtek 8169 8168 8101E 8102E Ethernet Driver
Replay Video Capture
Resolume Avenue 3.3.2
Revo Uninstaller 1.92
Rise Of Legends
SanDiskSecureAccess_Manager.exe
Sawer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
Skype Click to Call
Skype™ 5.9
Slingbox Flash Tour
SlingPlayer
SolutionCenter
SoulSeek 157 NS 13e
SPORE™
Spybot - Search & Destroy
Star Wars Battlefront II
Starcraft
StarCraft II
StarCraft II Beta
Status
Steam
Swiff Player 1.7.1
Terraria
Toolbox
Toxic Biohazard
TrayApp
Ubisoft Game Launcher
Ulead GIF Animator 5 TBYB
Ultra Analog Session v1.1.4
Uninstall 1.0.0.1
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vizzed Retro Game Room
VLC media player 1.0.3
WD Software Upgrader
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.2
Yahoo! Messenger
Yahoo! Toolbar
ZillaTube 4.2
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 7:35:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.81 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/9/2012 7:33:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.81 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/9/2012 5:10:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.78 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 9:57:54 PM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
6/8/2012 9:37:05 PM, Error: EventLog [6008] - The previous system shutdown at 7:37:32 PM on 6/8/2012 was unexpected.
6/8/2012 8:39:02 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.69 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 8:37:15 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.68 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 8:36:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.67 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 7:43:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.62 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 6:52:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.77 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 5:17:26 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
6/8/2012 4:20:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.76 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 4:19:17 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.75 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 4:18:31 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.74 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 3:41:33 AM, Error: EventLog [6008] - The previous system shutdown at 11:47:32 PM on 6/7/2012 was unexpected.
6/8/2012 11:13:28 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.71 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 11:10:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.70 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 10:21:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "2" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
6/8/2012 10:15:37 PM, Error: EventLog [6008] - The previous system shutdown at 10:13:02 PM on 6/8/2012 was unexpected.
6/8/2012 1:46:55 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.73 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/8/2012 1:45:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.72 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/14/2012 9:40:45 AM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
6/14/2012 3:31:28 AM, Error: EventLog [6008] - The previous system shutdown at 10:08:37 PM on 6/13/2012 was unexpected.
6/14/2012 2:56:29 PM, Error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The system cannot find the file specified.
6/14/2012 2:54:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
6/14/2012 2:54:20 PM, Error: Service Control Manager [7022] - The QuickPlay Task Scheduler (QTS) service hung on starting.
6/14/2012 2:54:17 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
6/14/2012 2:52:39 PM, Error: EventLog [6008] - The previous system shutdown at 2:50:55 PM on 6/14/2012 was unexpected.
6/14/2012 2:52:34 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/13/2012 5:44:19 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
6/13/2012 5:30:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.35 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/13/2012 5:07:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.31 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/13/2012 4:25:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.40 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/13/2012 3:49:08 AM, Error: EventLog [6008] - The previous system shutdown at 3:44:01 AM on 6/13/2012 was unexpected.
6/13/2012 3:27:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368).
6/13/2012 3:12:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2686827).
6/13/2012 2:36:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.38 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/13/2012 12:54:34 PM, Error: EventLog [6008] - The previous system shutdown at 12:50:54 PM on 6/13/2012 was unexpected.
6/13/2012 1:45:45 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.36 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/13/2012 1:41:28 PM, Error: EventLog [6008] - The previous system shutdown at 1:39:11 PM on 6/13/2012 was unexpected.
6/13/2012 1:39:07 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/12/2012 8:52:05 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BILLSG5-511 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{36C595CD-F7A5-45F0-BCCD-FBE75E3E1F72}. The master browser is stopping or an election is being forced.
6/12/2012 12:50:34 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.30 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/12/2012 12:27:49 PM, Error: EventLog [6008] - The previous system shutdown at 12:25:59 PM on 6/12/2012 was unexpected.
6/12/2012 12:23:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.29 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/12/2012 12:20:26 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.28 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/12/2012 11:49:04 AM, Error: EventLog [6008] - The previous system shutdown at 11:46:11 AM on 6/12/2012 was unexpected.
6/12/2012 10:40:39 AM, Error: Service Control Manager [7000] - The WDDMService service failed to start due to the following error: The system cannot find the path specified.
6/12/2012 10:39:01 AM, Error: EventLog [6008] - The previous system shutdown at 10:37:05 AM on 6/12/2012 was unexpected.
6/12/2012 10:02:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.22 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/11/2012 8:24:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.19 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/11/2012 7:01:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.12 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/11/2012 12:44:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:42:09 PM on 6/11/2012 was unexpected.
6/11/2012 12:42:09 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:38 PM on 6/11/2012 was unexpected.
6/11/2012 12:40:55 PM, Error: DCOM [10005] -
6/11/2012 12:40:38 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:29 PM on 6/11/2012 was unexpected.
6/11/2012 11:12:48 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/10/2012 6:58:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.8 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/10/2012 4:14:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.16.0.6 for the Network Card with network address 0016EA9DE86C has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
6/10/2012 2:29:47 PM, Error: EventLog [6008] - The previous system shutdown at 2:18:52 PM on 6/10/2012 was unexpected.
6/10/2012 2:18:52 PM, Error: EventLog [6008] - The previous system shutdown at 2:16:05 PM on 6/10/2012 was unexpected.
6/10/2012 12:57:31 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer IMAC-CE692F that believes that it is the master browser for the domain on transport NetBT_Tcpip_{36C595CD-F7A5-45F0-BCCD-FBE75E3E1F72}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#9 Oh My!

  • Malware Response Instructor

Posted 15 June 2012 - 09:18 AM

Greetings beesus,

Thank you for allowing me the time to review the information you provided. I have a step for you to take which is listed below but I must first advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error, "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 beesus
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:28 PM

Posted 18 June 2012 - 06:13 PM

Ok, sorry I haven't replied in a while. I downloaded and ran ComboFix, which ended up removing the file sbtis.sys and made my computer bluescreen immediately during startup every time, so I spent a long time looking up things and trying to fix it in safe mode (which I finally just did). Apparently Ad-Aware downloaded some Sunbelt software onto my computer and didn't tell me, which was messing with a LOT of things. I managed to remove most of it, I think, and at the very least got it to where I can boot into Windows again. Anyway, after all that I ran ComboFix again; here's the log file.


ComboFix 12-06-15.06 - Jeff 06/18/2012 16:43:08.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4092.2300 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\es.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\server.log
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 21:53 . 2012-06-18 21:55 -------- d-----w- c:\users\Jeff\AppData\Local\temp
2012-06-18 21:53 . 2012-06-18 21:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-18 21:53 . 2012-06-18 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-12 19:01 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:01 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 10:20 . 2012-06-09 12:02 -------- d-----w- c:\users\Jeff\dwhelper
2012-06-09 09:41 . 2012-06-09 09:41 388096 ----a-r- c:\users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-09 09:41 . 2012-06-09 09:41 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-08 22:12 . 2012-06-13 20:53 -------- d-----w- c:\users\Jeff\AppData\Roaming\.minecraft
2012-06-08 21:22 . 2012-06-15 23:13 -------- d-----w- c:\users\Jeff\AppData\Roaming\dclogs
2012-06-06 21:49 . 2012-06-06 21:55 -------- d-----w- c:\users\Jeff\AppData\Roaming\ManyCam
2012-06-05 09:56 . 2012-06-18 21:53 -------- d-----w- c:\users\Jeff\AppData\Roaming\BitTorrent
2012-06-04 22:33 . 2012-06-18 21:41 -------- d-----w- c:\users\Jeff\AppData\Roaming\Skype
2012-06-04 20:40 . 2012-06-18 20:39 -------- d-----w- c:\users\Jeff\AppData\Roaming\vlc
2012-06-04 20:36 . 2012-06-16 02:25 52846 ----a-w- c:\users\Jeff\AppData\Roaming\data.bin
2012-06-04 20:35 . 2012-06-04 23:44 -------- d-----w- c:\users\Jeff\AppData\Roaming\Apple Computer
2012-06-02 11:53 . 2012-06-02 11:53 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 01:52 . 2012-05-27 00:35 -------- d-----w- c:\programdata\ElectricSheep
2012-05-26 01:52 . 2012-05-26 01:52 -------- d-----w- c:\program files (x86)\Electric Sheep
2012-05-20 03:20 . 2012-05-20 09:21 -------- d-----w- c:\users\Jeff\New Folder (9)
2012-05-20 02:24 . 2012-05-20 02:24 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 11:53 . 2012-04-18 18:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-21 21:38 . 2011-01-19 07:27 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-05-21 21:38 . 2011-01-19 07:27 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-05-21 21:38 . 2011-01-19 07:27 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-05-21 21:22 . 2011-01-19 08:15 2829 ----a-w- c:\windows\DIIUnin.pif
2012-05-21 21:22 . 2011-01-19 08:15 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-06 18:15 . 2012-04-06 18:15 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-04-03 08:22 . 2012-05-09 03:18 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-01 22:43 . 2012-04-01 22:43 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 12:45 . 2012-05-09 03:55 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:34 . 2012-05-09 03:24 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-16_11.13.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-06-18 21:58 75774 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-18 00:18 . 2012-06-18 21:58 21748 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-39995744-208259271-1892916730-1000_UserData.bin
- 2006-11-02 12:40 . 2012-05-07 19:28 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2012-06-16 18:58 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 12:40 . 2012-06-16 18:58 51200 c:\windows\inf\infpub.dat
- 2006-11-02 12:40 . 2012-06-06 21:49 51200 c:\windows\inf\infpub.dat
- 2012-06-16 11:13 . 2012-06-16 11:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-18 21:55 . 2012-06-18 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-16 11:13 . 2012-06-16 11:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 21:55 . 2012-06-18 21:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-17 18:02 . 2012-06-17 01:32 314260 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2012-06-18 21:58 122776 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-27 09:16 . 2012-06-18 21:53 299880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-27 09:16 . 2012-05-11 10:51 299880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2006-11-02 12:40 . 2012-06-06 21:49 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 12:40 . 2012-06-16 18:58 143360 c:\windows\inf\infstrng.dat
- 2010-11-27 09:16 . 2012-05-11 10:51 9592972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39995744-208259271-1892916730-1000-12288.dat
+ 2010-11-27 09:16 . 2012-06-18 21:53 9592972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39995744-208259271-1892916730-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 02:27]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 02:27]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39995744-208259271-1892916730-1000Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 18:41]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39995744-208259271-1892916730-1000UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube to Mp3 Converter - c:\users\Jeff\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 172.16.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\duah186h.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SBAMSvc
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
AddRemove-GameSpy Arcade - c:\progra~2\GAMESP~1\UNWISE.EXE
AddRemove-Lounge Lizard Session - c:\program files (x86)\AAS\Lounge Lizard Session\Uninstall.exe
AddRemove-Metal Gear Solid - c:\program files (x86)\Metal Gear Solid\Uninstal.exe
AddRemove-MSNINST - c:\program files (x86)\MSN\MsnInstaller\msniadm.exe
AddRemove-Postal 2_is1 - c:\program files (x86)\Valve\Portal 2\unins000.exe
AddRemove-SoftwareUpdUtility - c:\program files (x86)\Common Files\Software Update Utility\uninstall.exe
AddRemove-Ultra Analog Session - c:\program files (x86)\AAS\Ultra Analog Session\Uninstall.exe
AddRemove-Yahoo! Toolbar - c:\progra~2\Yahoo!\Common\unyt.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-39995744-208259271-1892916730-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:26,c1,90,d8,63,8f,27,00,2d,2c,05,77,b9,da,00,5a,d4,56,79,2f,95,a2,bc,
14,16,84,95,bd,aa,33,c6,7f,95,00,46,4e,5a,78,39,20,2d,bd,60,09,78,a1,e5,17,\
"??"=hex:2a,09,97,9d,ea,97,c6,c6,8e,8d,7d,13,8e,12,98,02
.
[HKEY_USERS\S-1-5-21-39995744-208259271-1892916730-1000\Software\SecuROM\License information*]
"datasecu"=hex:27,51,0f,3b,bf,ec,2f,e7,a7,d3,f8,f7,56,9d,96,a7,8f,ec,fd,f7,4f,
a7,3b,9b,bc,0b,8b,e2,2b,44,50,cf,bb,6a,34,ef,f5,ec,11,2b,41,bd,ab,c3,32,24,\
"rkeysecu"=hex:84,4f,67,66,80,1d,f9,00,0a,bd,9d,c8,d9,1c,5d,2e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-06-18 17:04:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 22:04
ComboFix2.txt 2012-06-16 11:20
.
Pre-Run: 1,393,336,320 bytes free
Post-Run: 2,099,798,016 bytes free
.
- - End Of File - - DC7886B320D01692411E29DD89759426

And thanks again, sorry for the slow response.
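A small triage script for the log format posted above, as an added example that is neither part of this thread nor ComboFix's own code: it parses the Reg Loading Points section (the `[HKEY...]` headers and the `"name"="path" [date size]` lines) and applies two checks a responder would otherwise do by eye, whether `EnableLUA` is 0 (UAC turned off, as it is in this log) and whether any Run entry launches from a user profile. The sample input is built from lines of the log above plus one constructed entry, `DemoUpdater`, so that the second check has something to flag.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not from the thread or from ComboFix. Parses registry key
headers and value lines in the layout the posted log uses, then runs two
defender checks: UAC disabled (EnableLUA = 0) and autorun entries whose
executable lives under c:\\users\\... instead of a program directory.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the log above plus one made-up
# "DemoUpdater" entry (hypothetical) that should trip the profile-path check.
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"DemoUpdater"="c:\users\Jeff\AppData\Roaming\demoupd.exe" [2012-06-16 52846]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
.
------- Supplementary Scan -------
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')     # "name"= rhs
PATH_RE = re.compile(r'^"([^"]+)"(?:\s+\[[0-9-]+\s+\d+\])?$')  # "path" [date size]
DWORD_RE = re.compile(r'^(\d+)\s+\(0x[0-9a-fA-F]+\)$')        # 0 (0x0)
USER_PROFILE_RE = re.compile(r'^c:\\users\\', re.IGNORECASE)


@dataclass
class Entry:
    key: str                      # registry key the value sits under
    name: str                     # value name
    path: Optional[str] = None    # executable path, for file-type values
    dword: Optional[int] = None   # numeric value, for DWORD-type values


def parse_loading_points(text: str) -> List[Entry]:
    """Collect key/value entries between the section banner and the Supplementary Scan."""
    entries, current_key, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
            continue
        if not in_section:
            continue
        if 'Supplementary Scan' in line:
            break
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        val_match = VALUE_RE.match(line)
        if not val_match or current_key is None:
            continue                      # service lines, task lines, dots, notes
        name, rhs = val_match.group(1), val_match.group(2).strip()
        if PATH_RE.match(rhs):
            entries.append(Entry(current_key, name, path=PATH_RE.match(rhs).group(1)))
        elif DWORD_RE.match(rhs):
            entries.append(Entry(current_key, name, dword=int(DWORD_RE.match(rhs).group(1))))
    return entries


def uac_disabled(entries: List[Entry]) -> bool:
    """True when the policies\\system key carries EnableLUA = 0 (UAC switched off)."""
    return any(e.name.lower() == 'enablelua' and e.dword == 0
               and e.key.lower().endswith(r'policies\system') for e in entries)


def autoruns_from_user_profile(entries: List[Entry]) -> List[Entry]:
    """Run-key entries whose executable is under c:\\users\\ rather than a program directory."""
    return [e for e in entries
            if e.path and e.key.lower().endswith('\\run') and USER_PROFILE_RE.match(e.path)]


if __name__ == '__main__':
    found = parse_loading_points(SAMPLE_LOG)
    print('UAC disabled (EnableLUA=0):', uac_disabled(found))
    for e in autoruns_from_user_profile(found):
        print('autorun from user profile:', e.name, '->', e.path)
```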

#11 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:08:28 PM

Posted 19 June 2012 - 02:22 PM

Greetings beesus,


Please see and consider the following.


===================================================


Posting Previous ComboFix Log

--------------------

I would like to evaluate the Combofix log that was created during the first run.

Please copy and paste the listed file in your reply

  • c:\qoobox\combofix2.txt

===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have SoulseekNS and µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall SoulseekNS and µTorrent; however, that choice is up to you. If you choose to remove the programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Viewpoint Manager Caution

--------------------

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

"To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously."

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware. I recommend that you remove the Viewpoint products; however, decide for yourself. If you decide to uninstall it, you may do so through Add/Remove Programs.


===================================================


In addition to the evidence presented in the logs, it is important for me to understand what symptoms you may be experiencing. Please let me know how your computer is behaving and any issues you are noticing.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix2.txt
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:08:28 PM

Posted 23 June 2012 - 05:17 PM

Greetings beesus,


===================================================

3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:28 AM

Posted 27 June 2012 - 03:12 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft