Solved: Random audio ads playing in the background (no browser open)

decidedlyanxious (thread starter; Member with 11 posts; Join Date: Jul 2012; Location: Australia; Experience: Intermediate)
03-Jul-2012, 05:50 AM #1
Random audio ads playing in the background (no browser open)
Yesterday and the day before, I opened my computer and all of a sudden random audio ads started to play, even though I hadn't opened a browser or started any programs. Browsing through all the other techguy forum posts from people with the same computer symptoms (random audio ads playing in the background with no browser running), the problem has turned out to be a ZeroAccess rootkit. If that turns out to be the case, I'm prepared to do a hard-drive reformat, but I would like to make certain before doing so (I am extremely concerned about the identity theft and banking detail implications).

There are no other symptoms of any viruses or malware - my computer is running fine and my ESET NOD32 antivirus scanner has turned up 0 infections.

System specs:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 8151 Mb
Graphics Card: NVIDIA GeForce GT 230, 1536 Mb
Hard Drives: C: Total - 942573 MB, Free - 613544 MB; D: Total - 11192 MB, Free - 1627 MB;
Motherboard: MSI, IONA
Antivirus: ESET NOD32 Antivirus 4.2, Updated and Enabled


Below is the HijackThis logfile


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:41:01 PM, on 3/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM03Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Users\Shirley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/soft...15/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5118/CTPID.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 12981 bytes
decidedlyanxious (thread starter)
03-Jul-2012, 05:56 AM #2
DDS text file:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shirley at 17:55:40 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8151.6035 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
C:\Windows\OEM03Mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Shirley\AppData\Local\Apps\2.0\AWLQ1Y62.RZ8\82EMCA2G.3MW\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\3547574656E647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\E4544574541425D223E243D274 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9E981298-052A-450F-9770-E1FA7783F507} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB}\3547574656E647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D}\3547574656E647 : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun-x64: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/19 11:41:51];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-19 146928]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-19 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-2-23 103440]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-15 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-10-30 278528]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr28ux;Belkin N+ Wireless USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;\??\C:\Windows\system32\Drivers\OEM03Afx.sys --> C:\Windows\system32\Drivers\OEM03Afx.sys [?]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys --> C:\Windows\system32\DRIVERS\OEM03Vfx.sys [?]
S3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys --> C:\Windows\system32\DRIVERS\OEM03Vid.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
.
=============== Created Last 30 ================
.
2012-07-03 09:32:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\offreg.dll
2012-06-29 06:51:38 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\mpengine.dll
2012-06-19 06:18:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 06:17:59 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 06:17:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 06:17:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-15 14:28:02 -------- d-----w- C:\Users\Shirley\.config
2012-06-13 12:50:54 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 07:13:31 -------- d-----w- C:\Program Files\iTunes
2012-06-13 07:13:31 -------- d-----w- C:\Program Files\iPod
2012-06-13 07:13:31 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 12:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 12:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 17:55:55.08 ===============
decidedlyanxious (thread starter), 03-Jul-2012, 06:00 AM #3
DDS file Attach.txt
as attached.
jeffce (Jeff, Malware Removal Specialist), 03-Jul-2012, 09:31 AM #4
Hi and welcome....

Please download aswMBR to your desktop.
  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If asked whether you would like to update the Avast virus database please do.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------
decidedlyanxious (thread starter), 03-Jul-2012, 09:56 AM #5
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-03 21:46:29
-----------------------------
21:46:29.672 OS Version: Windows x64 6.1.7601 Service Pack 1
21:46:29.672 Number of processors: 4 586 0x1E05
21:46:29.672 ComputerName: SHIRLEY-PC UserName: Shirley
21:46:31.809 Initialize success
21:49:52.860 AVAST engine defs: 12070300
21:50:55.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:50:55.290 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
21:50:55.290 Disk 0 MBR read successfully
21:50:55.306 Disk 0 MBR scan
21:50:55.306 Disk 0 unknown MBR code
21:50:55.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:50:55.337 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942574 MB offset 206848
21:50:55.384 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11193 MB offset 1930598400
21:50:55.431 Disk 0 scanning C:\Windows\system32\drivers
21:51:06.070 Service scanning
21:51:28.066 Modules scanning
21:51:28.082 Disk 0 trace - called modules:
21:51:28.097 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:51:28.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007add060]
21:51:28.612 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077e5050]
21:51:30.671 AVAST engine scan C:\Windows
21:51:34.384 AVAST engine scan C:\Windows\system32
21:54:05.503 AVAST engine scan C:\Windows\system32\drivers
21:54:19.543 AVAST engine scan C:\Users\Shirley
21:55:03.545 Disk 0 MBR has been saved successfully to "C:\Users\Shirley\Desktop\MBR.dat"
21:55:03.545 The log file has been saved successfully to "C:\Users\Shirley\Desktop\aswMBR.txt"
jeffce (Jeff, Malware Removal Specialist), 03-Jul-2012, 10:49 AM #6
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

In your next reply please post the logs made by TDSSKiller and MBRCheck.
decidedlyanxious (thread starter), 03-Jul-2012, 11:44 AM #7
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: VT564AA-ABG HPE-180a
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 196):
0x02E05000 \SystemRoot\system32\ntoskrnl.exe
0x033ED000 \SystemRoot\system32\hal.dll
0x00BAE000 \SystemRoot\system32\kdcom.dll
0x00CC8000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D17000 \SystemRoot\system32\PSHED.dll
0x00D2B000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E4E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F01000 \SystemRoot\system32\drivers\ACPI.sys
0x00F58000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F61000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F6B000 \SystemRoot\system32\drivers\pci.sys
0x00F9E000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FAB000 \SystemRoot\System32\drivers\partmgr.sys
0x00FC0000 \SystemRoot\system32\drivers\volmgr.sys
0x00D89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD5000 \SystemRoot\System32\drivers\mountmgr.sys
0x01058000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01260000 \SystemRoot\system32\drivers\amdxata.sys
0x0126B000 \SystemRoot\system32\drivers\fltmgr.sys
0x012B7000 \SystemRoot\system32\drivers\fileinfo.sys
0x01432000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012CB000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01329000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016DC000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018DF000 \SystemRoot\System32\drivers\tcpip.sys
0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B2C000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x01B36000 \SystemRoot\system32\drivers\volsnap.sys
0x01B82000 \SystemRoot\System32\Drivers\spldr.sys
0x01B8A000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BC4000 \SystemRoot\System32\Drivers\mup.sys
0x01BD6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x044B3000 \SystemRoot\system32\drivers\cdrom.sys
0x044DD000 \SystemRoot\System32\Drivers\Null.SYS
0x044E6000 \SystemRoot\System32\Drivers\Beep.SYS
0x044ED000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x04512000 \SystemRoot\System32\drivers\vga.sys
0x04520000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04545000 \SystemRoot\System32\drivers\watchdog.sys
0x04555000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0455E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04567000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04570000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0457B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0458C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x045AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04200000 \SystemRoot\system32\drivers\afd.sys
0x045BB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04289000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0188E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x018B4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x018CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01BDF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0168B000 \SystemRoot\system32\drivers\termdd.sys
0x0139B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0169F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x016AB000 \SystemRoot\system32\drivers\mssmbios.sys
0x016B6000 \SystemRoot\System32\drivers\discache.sys
0x017CF000 \SystemRoot\System32\Drivers\dfsc.sys
0x017ED000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x016C5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F22C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FFEE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04674000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04768000 \SystemRoot\System32\drivers\dxgmms1.sys
0x047AE000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x047BF000 \SystemRoot\system32\drivers\usbehci.sys
0x04600000 \SystemRoot\system32\drivers\USBPORT.SYS
0x047D0000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04AA5000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04AFB000 \SystemRoot\system32\drivers\1394ohci.sys
0x04B39000 \SystemRoot\system32\drivers\AVer888RC_64.sys
0x04A00000 \SystemRoot\system32\drivers\ks.sys
0x04A43000 \SystemRoot\system32\drivers\BdaSup.SYS
0x04A47000 \??\C:\Windows\system32\drivers\TotRec8.sys
0x04A70000 \SystemRoot\system32\drivers\ksthunk.sys
0x04A76000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04A83000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04BBE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04BD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01026000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04656000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F200000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00E00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0FFF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0141B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04A9F000 \SystemRoot\system32\drivers\swenum.sys
0x013EC000 \SystemRoot\system32\DRIVERS\circlass.sys
0x00E1A000 \SystemRoot\system32\drivers\umbus.sys
0x04E83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04EDD000 \SystemRoot\system32\DRIVERS\AVer888RCIR_64.sys
0x04EEE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06018000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06275000 \SystemRoot\system32\drivers\portcls.sys
0x062B2000 \SystemRoot\system32\drivers\drmk.sys
0x062D4000 \SystemRoot\system32\DRIVERS\hidir.sys
0x062E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x062FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06307000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06315000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x06322000 \SystemRoot\System32\drivers\Dxapi.sys
0x0632E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04292000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0633C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0634F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0284F000 \SystemRoot\system32\DRIVERS\bcmwlhigh664.sys
0x02986000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02993000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x029A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x029A3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x029C0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x029DB000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x029EC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x02800000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x02810000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x02838000 \SystemRoot\system32\drivers\Dot4Prt.sys
0x005E0000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x008B0000 \SystemRoot\System32\ATMFD.DLL
0x0635D000 \SystemRoot\system32\drivers\luafv.sys
0x04F03000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x06380000 \SystemRoot\system32\drivers\WudfPf.sys
0x063A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x063B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x063C9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x048A9000 \SystemRoot\system32\drivers\HTTP.sys
0x04972000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04990000 \SystemRoot\System32\drivers\mpsdrv.sys
0x049A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0484E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04872000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0487C000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x078E4000 \SystemRoot\system32\drivers\peauth.sys
0x0798A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07995000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x079C6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07800000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x0782B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07E34000 \SystemRoot\System32\DRIVERS\srv.sys
0x07ECC000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07F6E000 \??\C:\Users\Shirley\AppData\Local\Temp\aswMBR.sys
0x76E40000 \Windows\System32\ntdll.dll
0x47970000 \Windows\System32\smss.exe
0xFF160000 \Windows\System32\apisetschema.dll
0xFF480000 \Windows\System32\autochk.exe
0xFF0D0000 \Windows\System32\difxapi.dll
0x76C30000 \Windows\System32\iertutil.dll
0xFF030000 \Windows\System32\comdlg32.dll
0xFEFD0000 \Windows\System32\Wldap32.dll
0xFEF30000 \Windows\System32\msvcrt.dll
0x76AD0000 \Windows\System32\wininet.dll
0xFEEC0000 \Windows\System32\gdi32.dll
0xFEDE0000 \Windows\System32\oleaut32.dll
0xFED90000 \Windows\System32\ws2_32.dll
0xFEC80000 \Windows\System32\msctf.dll
0xFEA70000 \Windows\System32\ole32.dll
0xFEA50000 \Windows\System32\sechost.dll
0xFEA30000 \Windows\System32\imagehlp.dll
0xFEA20000 \Windows\System32\lpk.dll
0xFE9F0000 \Windows\System32\imm32.dll
0xFDC60000 \Windows\System32\shell32.dll
0x76980000 \Windows\System32\urlmon.dll
0xFDB80000 \Windows\System32\advapi32.dll
0x77010000 \Windows\System32\psapi.dll
0xFDAB0000 \Windows\System32\usp10.dll
0xFDA30000 \Windows\System32\shlwapi.dll
0xFD850000 \Windows\System32\setupapi.dll
0x77000000 \Windows\System32\normaliz.dll
0xFD7B0000 \Windows\System32\clbcatq.dll
0x76880000 \Windows\System32\user32.dll
0x76760000 \Windows\System32\kernel32.dll
0xFD680000 \Windows\System32\rpcrt4.dll
0xFD670000 \Windows\System32\nsi.dll
0xFD5D0000 \Windows\System32\comctl32.dll
0xFD590000 \Windows\System32\wintrust.dll
0xFD570000 \Windows\System32\devobj.dll
0xFD400000 \Windows\System32\crypt32.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD350000 \Windows\System32\KernelBase.dll
0xFD340000 \Windows\System32\msasn1.dll
0x76FF0000 \Windows\SysWOW64\normaliz.dll

Processes (total 88):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
480 csrss.exe
540 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
852 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
896 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\wlanext.exe
1164 C:\Windows\System32\conhost.exe
1216 C:\Windows\System32\spoolsv.exe
1300 C:\Windows\System32\svchost.exe
1432 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1480 C:\Program Files\Bonjour\mDNSResponder.exe
1524 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1696 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1708 C:\Windows\System32\nvvsvc.exe
1828 C:\Windows\System32\svchost.exe
1852 C:\Windows\SysWOW64\svchost.exe
1876 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1912 C:\PROGRA~2\McAfee\SITEAD~1\mcsacore.exe
1936 C:\Windows\System32\svchost.exe
1992 C:\Windows\System32\rundll32.exe
2004 C:\Windows\System32\rundll32.exe
2012 C:\Windows\SysWOW64\rundll32.exe
1516 C:\Windows\System32\svchost.exe
1016 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2132 C:\Windows\System32\svchost.exe
2172 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2228 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2292 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2304 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3000 C:\Windows\System32\svchost.exe
1812 WUDFHost.exe
3024 C:\Windows\System32\taskhost.exe
2704 C:\Windows\System32\taskeng.exe
2976 C:\Windows\System32\dwm.exe
2708 C:\Windows\explorer.exe
3132 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
3204 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3228 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
3248 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3264 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3300 C:\Program Files (x86)\MultiScreen\MultiScreen.exe
3408 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3444 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
3464 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3480 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
3600 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
3612 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3632 C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
3648 C:\Users\Shirley\AppData\Local\Apps\2.0\AWLQ1Y62.RZ8\82EMCA2G.3MW\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
3660 C:\Windows\OEM03Mon.exe
3808 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3824 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3932 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3244 C:\Program Files\iPod\bin\iPodService.exe
3556 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
3584 C:\Windows\System32\SearchIndexer.exe
3896 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
4764 C:\Program Files\Windows Media Player\wmpnetwk.exe
4992 C:\Windows\System32\svchost.exe
4384 C:\Windows\System32\taskeng.exe
4496 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4548 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
2792 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
4440 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
5396 dllhost.exe
4428 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
6104 C:\Windows\System32\svchost.exe
6380 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
12960 C:\Windows\System32\audiodg.exe
12580 C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
13192 dllhost.exe
13140 dllhost.exe
468 C:\Users\Shirley\Desktop\MBRCheck.exe
13436 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`25300000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA39D

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 767BA62C9E78D8BC0F91B55FA0F4FADDFE463E62


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
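The aswMBR and MBRCheck output above reports the disk's partition layout and an "Unknown MBR code" verdict, and aswMBR saved the raw sector to MBR.dat on the desktop. The following is an added Python example, not code from this thread or from either tool, showing how an analyst can examine such a 512-byte MBR image offline: hash the boot-code region against a list of known-good hashes, read the four partition entries, and check them against the layout the scanner reported. The sample sector is constructed inline with placeholder boot code; the layout values (offsets 2048, 206848 and 1930598400; sizes 100, 942574 and 11193 MB) are copied from the aswMBR log above; KNOWN_GOOD_BOOT_CODE is an empty placeholder an analyst would fill from a trusted source, and the function names are this example's own. The SHA1 MBRCheck printed is not reproduced here, since it is that tool's own computation over the live sector.

```python
"""Inspect a raw 512-byte MBR image such as the MBR.dat that aswMBR saves (added example)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0-439 hold the boot loader code
PARTITION_TABLE_OFF = 446    # four 16-byte entries follow the disk signature

# Partition type bytes as scanner logs name them ("07 HPFS/NTFS" in aswMBR output).
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x05: "Extended", 0x0F: "Extended (LBA)",
                   0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}

# Placeholder (assumption): an analyst fills this with upper-case hex SHA-1 hashes of
# boot code captured from known-clean installs of the same Windows/OEM build.
KNOWN_GOOD_BOOT_CODE = set()


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code region only, so a partition-table edit does not change it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def boot_code_known(mbr: bytes, known_good=KNOWN_GOOD_BOOT_CODE) -> bool:
    """True when the boot code matches a hash the analyst trusts."""
    return boot_code_sha1(mbr) in known_good


def parse_mbr(mbr: bytes):
    """Return (whole-sector SHA-1, signature_ok, partitions) for a raw 512-byte MBR image."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector, got %d bytes" % len(mbr))
    sha1 = hashlib.sha1(mbr).hexdigest().upper()
    signature_ok = mbr[510:512] == b"\x55\xAA"
    partitions = []
    for i in range(4):
        # entry: boot flag, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        boot, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": boot == 0x80,
            "type": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
            "offset": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return sha1, signature_ok, partitions


def layout_matches(partitions, expected) -> bool:
    """Compare parsed (offset, size_mb) pairs against the layout a scanner log reported."""
    return [(p["offset"], p["size_mb"]) for p in partitions] == list(expected)


def find_overlaps(partitions):
    """Return (earlier, later) index pairs whose sector ranges overlap; a sane table has none."""
    ranges = sorted((p["offset"], p["offset"] + p["sectors"], p["index"]) for p in partitions)
    return [(a[2], b[2]) for a, b in zip(ranges, ranges[1:]) if b[0] < a[1]]


def make_entry(bootable, ptype, lba_start, sectors) -> bytes:
    """Build one 16-byte partition entry; CHS fields are filler, as on LBA-addressed disks."""
    chs = b"\xFE\xFF\xFF"
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, chs, ptype, chs, lba_start, sectors)


# Constructed sample sector: placeholder boot code plus the three NTFS partitions
# reported in the aswMBR log above (MB sizes converted back to sector counts).
SAMPLE_MBR = (
    b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (BOOT_CODE_LEN - 7)
    + b"\x00\x00\x00\x00" + b"\x00\x00"            # disk signature + reserved bytes
    + make_entry(True, 0x07, 2048, 204800)         # 100 MB system partition (active)
    + make_entry(False, 0x07, 206848, 1930391552)  # 942574 MB C:
    + make_entry(False, 0x07, 1930598400, 22923264)  # 11193 MB recovery D:
    + bytes(16)                                    # unused fourth slot
    + b"\x55\xAA"
)
EXPECTED_LAYOUT = [(2048, 100), (206848, 942574), (1930598400, 11193)]


if __name__ == "__main__":
    # Usage: python mbr_inspect.py [MBR.dat]; without an argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else SAMPLE_MBR
    sha1, sig_ok, parts = parse_mbr(data)
    print("sector SHA-1:", sha1, "| boot signature:", "ok" if sig_ok else "MISSING")
    print("boot code SHA-1:", boot_code_sha1(data), "| known-good:", boot_code_known(data))
    for p in parts:
        print("partition %d %s%s offset %d size %d MB" % (
            p["index"], p["type"], " (active)" if p["bootable"] else "", p["offset"], p["size_mb"]))
    print("layout matches scanner log:", layout_matches(parts, EXPECTED_LAYOUT))
    print("overlapping partitions:", find_overlaps(parts) or "none")
```

Hashing only the first 440 bytes is deliberate: the disk signature and partition table live in the rest of the sector, so a whole-sector hash changes whenever a partition is resized, while the boot-code hash only changes when the loader itself does. An unknown boot-code hash is a prompt to examine the code, not a verdict on its own; OEM recovery loaders also fall outside a list built from stock Windows installs, so the analyst's known-good set should come from the same build as the machine under review.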
jeffce (Jeff, Malware Removal Specialist), 03-Jul-2012, 11:53 AM #8
Hi,

Thanks for those.

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
decidedlyanxious (thread starter), 03-Jul-2012, 12:21 PM #9
Combofix txt file log
as attached. Many thanks for your assistance thus far .
jeffce (Jeff, Malware Removal Specialist), 03-Jul-2012, 03:44 PM #10
Hi,

You are more than welcome.
---------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


**If you are using a 64bit system please use either of the following links for your download instead:
Link 1
Link 2
  • Right-click and Run as Administrator SystemLook.exe to run it.
  • Copy the content within the following codebox into the main textfield:
    Code:
    :dir
    c:\users\Shirley\.config /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
decidedlyanxious (thread starter), 03-Jul-2012, 11:04 PM #11
I'll be leaving for a family trip in 15 mins so won't be able to reply back until tomorrow.

SystemLook 30.07.11 by jpshortstuff
Log created at 11:01 on 04/07/2012 by Shirley
Administrator - Elevation successful

========== dir ==========

c:\users\Shirley\.config - Parameters: "/s"

---Files---
None found.

c:\users\Shirley\.config\qtcurve d------ [14:28 15/06/2012]

-= EOF =-
jeffce (Jeff, Malware Removal Specialist), 04-Jul-2012, 02:34 PM #12
Hi,

I see that you have had McAfee on your system before, but now seem to use ESET? If you are no longer using McAfee please uninstall that through Control Panel >> Programs and Features. Then run the following tool to remove anything left of McAfee >> http://download.mcafee.com/products/...tches/MCPR.exe Once that tool is run reboot your system.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Code:
    ClearJavaCache::
    
    DDS::
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
decidedlyanxious (thread starter), 05-Jul-2012, 05:24 AM #13
ComboFix scan Take 2
as attached .
jeffce (Jeff, Malware Removal Specialist), 05-Jul-2012, 08:20 AM #14
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.
  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
  • Copy and paste/or attach that log as a reply to this topic
**Note** If no threats are found, no log will be created.
----------

In your next reply please post the logs created by Malwarebytes and ESET.
decidedlyanxious (thread starter), 06-Jul-2012, 12:16 AM #15
06-Jul-2012, 12:16 AM #15
Apologies for the late reply - below is log for the malwarebytes scan. The Eset online scan found no threats.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shirley :: SHIRLEY-PC [administrator]

5/07/2012 9:33:47 PM
mbam-log-2012-07-05 (21-33-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231646
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)