
Computer invaded possibly to steal banking info, Russian server

Discussion in 'Virus & Other Malware Removal' started by RipnDip, Jan 29, 2013.

  1. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Thanks for your time.

    A very nasty program on the site hxxp://translateclient.com claimed to be Google Translator; I downloaded it from filefactory, which I thought scanned their files. It has invaded my computer and changed my homepage, default search, the whole 9.

    “Client for Google Translate” referred to a toolbar (VisualBee) that was also installed (even though I denied it) and changed all my settings; numerous programs keep popping up. I want to make sure no trackers and malware were left over, and restore it to how it was a few days ago while keeping the updates I’ve made to documents etc.


    https://www.virustotal.com/file/cf5465c9a8fad8f3648b044d61dfc5ed3f7bb07b7b137a40474e6368f9eb241a/analysis/


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:33:21 AM, on 1/29/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\FBI Surveillance Van\Local Settings\Apps\F.lux\flux.exe
    C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Users\FBI Surveillance Van\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Evernote\EvernoteTray.exe
    C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Evernote\Evernote.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    Q:\140066.enu\Office14\WINWORDC.EXE
    Q:\140066.enu\Office14\OffSpon.EXE
    C:\Users\FBI Surveillance Van\Pictures\Health-Fitness\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: VisualBee V.1 Toolbar - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: VisualBee V.1 - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
    O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O3 - Toolbar: VisualBee V.1 Toolbar - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
    O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html
    O8 - Extra context menu item: LastPass - file://C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
    O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: Panda Security CloudCLeaner Service (PCloudCleanerService) - Unknown owner - C:\Windows\system32\PCloudCleanerService.EXE
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    --
    End of file - 9940 bytes


    2. DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by FBI Surveillance Van at 0:42:38 on 2013-01-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5100 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
    C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Users\FBI Surveillance Van\Local Settings\Apps\F.lux\flux.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Users\FBI Surveillance Van\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Evernote\EvernoteTray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\LastPass\lastapp_x64.exe
    C:\Program Files (x86)\Evernote\Evernote.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Sandboxie\SbieCtrl.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\program files (x86)\mozilla firefox\firefox.exe
    C:\program files (x86)\mozilla firefox\plugin-container.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    Q:\140066.enu\Office14\WINWORDC.EXE
    C:\Windows\splwow64.exe
    Q:\140066.enu\Office14\OffSpon.EXE
    C:\Users\FBI Surveillance Van\Pictures\Health-Fitness\HijackThis.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494
    uDefault_Page_URL = www.dell.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
    mURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Idea2 SidebarBrowserMonitor Class: {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
    BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    TB: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html
    IE: LastPass - C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    IE: New Note - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>
    IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{B07EE655-DD4B-496D-980F-16E4BC111277} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\23E4440264C4F4F4250223037302241434B4 : DHCPNameServer = 202.56.230.5 202.56.230.6
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\3325440264C4F4F4250224230373 : DHCPNameServer = 202.56.230.5 202.56.230.6
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\B45495353314 : DHCPNameServer = 203.67.222.222 8.8.8.8
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\B45495358505 : DHCPNameServer = 203.67.222.222 8.8.8.8
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\C4F46554253502E4543545 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\E495343445 : DHCPNameServer = 10.10.200.10 10.10.200.230 10.10.200.11 128.228.1.10
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&CUI=UN33858214542508132
    FF - prefs.js: browser.startup.homepage - hxxp://www.avg.com.au/resources/web-page-scanner/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-12-20 23:52; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: 2013-01-29 00:21; {BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}; C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-26 30648]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-7 55856]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-2-7 21616]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-26 284600]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-2-7 27760]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-7 172704]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-7 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-25 24176]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-7 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-7 181760]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-2-7 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-7 412264]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-7 98208]
    R4 BackupService;BackupService;C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2013-1-24 83512]
    R4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-10-28 8704]
    R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 398184]
    R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 682344]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-30 103472]
    R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]
    R4 NovacomD;Palm Novacom;C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [2011-9-19 61440]
    R4 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
    R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-7 1153368]
    R4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    R4 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R4 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
    S2 PCloudCleanerService;Panda Security CloudCLeaner Service;C:\Windows\System32\PCloudCleanerService.EXE --> C:\Windows\System32\PCloudCleanerService.EXE [?]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-2-7 158976]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-2-7 174168]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S4 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-10-28 101376]
    S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S4 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-19 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-28 00:09:07 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\{02C5B2EA-5DBB-4401-BCE7-FB46F8B09288}
    2013-01-27 20:03:42 53616 ----a-w- C:\Windows\SysWow64\PCloudCleanerService.EXE
    2013-01-27 08:16:51 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-01-27 08:16:47 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect
    2013-01-27 08:11:29 -------- d-----w- C:\ProgramData\Tarma Installer
    2013-01-27 08:11:03 813976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
    2013-01-27 08:09:25 -------- d-----w- C:\Program Files (x86)\DealPly
    2013-01-27 07:55:11 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\CRE
    2013-01-27 07:54:35 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\VisualBeeExe
    2013-01-27 07:54:32 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-01-27 07:54:27 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\Conduit
    2013-01-27 07:54:21 -------- d-----w- C:\ProgramData\VisualBee
    2013-01-26 23:16:43 -------- d-----w- C:\NVIDIA
    2013-01-26 22:40:55 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2013-01-25 19:25:06 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\Programs
    2013-01-25 19:23:12 -------- d-----w- C:\Program Files (x86)\Evernote
    2013-01-25 04:17:37 -------- d-----w- C:\ProgramData\HPSS
    2013-01-25 04:17:23 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application
    2013-01-25 04:17:22 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\HPSS
    2013-01-24 09:56:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E6E326B-6289-43D3-9259-332200FF0F01}\offreg.dll
    2013-01-24 09:53:15 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E6E326B-6289-43D3-9259-332200FF0F01}\mpengine.dll
    2013-01-05 02:57:50 -------- d-sh--w- C:\found.000
    2012-12-30 18:29:17 -------- d-----w- C:\Program Files\McAfee
    .
    ==================== Find3M ====================
    .
    2013-01-09 17:01:24 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 17:01:24 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-12-29 08:40:09 997816 ----a-w- C:\Windows\System32\nv3dappshext.dll
    2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
    2012-12-29 08:40:09 55736 ----a-w- C:\Windows\System32\nv3dappshextr.dll
    2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-12-29 07:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-12-21 04:51:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-12-21 04:51:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-06-23 22:16:14 6221896 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
    .
    ============= FINISH: 0:43:48.80 ===============

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/15/2012 12:23:56 AM
    System Uptime: 1/27/2013 3:04:41 PM (33 hours ago)
    .
    Motherboard: Dell Inc. | | 0YR8NN
    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU | 990/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 685 GiB total, 135.586 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 6.56 GiB free.
    E: is CDROM ()
    R: is CDROM (CDFS)
    S: is FIXED (NTFS) - 1862 GiB total, 145.996 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 4.65 (x64 edition)
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Advanced Audio FX Engine
    Amazon Kindle
    Android SDK Tools
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP560 series MP Drivers
    Canon MP560 series User Registration
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    CyberLink PowerDVD 9.5
    D3DX10
    DealPly
    Dell Webcam Central
    Desktop Sidebar
    DirectX 9 Runtime
    Dropbox
    DVDFab Ghosthunter release 5.3.0.5 Beta
    Evernote v. 4.6.1
    F.lux
    Flixster
    Freemake Video Downloader
    Funambol Windows Sync Client 10.0.1
    GnuWin32: Wget-1.11.4-1
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Update Helper
    HP webOS SDK
    Intel(R) Processor Graphics
    Internet TV for Windows Media Center
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Junk Mail filter update
    K-Lite Codec Pack 5.9.0 (64-bit)
    K-Lite Mega Codec Pack 8.4.0
    LastPass (uninstall only)
    LastPass for Applications
    Live! Cam Avatar Creator
    LockHunter 2.0 beta 2, 64 bit
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee SiteAdvisor
    MediaMonkey 4.0
    MediaMonkey AAC Plug-in 1.0
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MusicBrainz Picard
    Nitro Reader 2
    NVIDIA 3D Vision Driver 310.90
    NVIDIA Control Panel 310.90
    NVIDIA Graphics Driver 310.90
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA Optimus 1.11.3
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Panda Cloud Cleaner
    PhotoShowExpress
    PowerISO
    PrimoPDF -- brought to you by Nitro PDF Software
    Quickset64
    RBVirtualFolder64Inst
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Sandboxie 3.62 (64-bit)
    Search Protect by conduit
    Secunia PSI (3.0.0.4001)
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Click to Call
    Skype™ 5.10
    Sonic CinePlayer Decoder Pack
    Spybot - Search & Destroy
    SugarSync Manager
    swMSM
    Synaptics Pointing Device Driver
    System Requirements Lab for Intel
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VisualBee V.1 Toolbar
    WebM Media Foundation Components
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    WinPcap 4.1.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/28/2013 11:23:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    1/28/2013 11:09:18 PM, Error: Service Control Manager [7034] - The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).
    1/27/2013 3:05:45 PM, Error: Service Control Manager [7000] - The Panda Security CloudCLeaner Service service failed to start due to the following error: The system cannot find the file specified.
    1/26/2013 2:38:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
    1/26/2013 1:43:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
    1/26/2013 1:42:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
    1/25/2013 5:12:12 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/25/2013 2:23:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
    1/25/2013 1:39:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    1/24/2013 8:24:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
    1/24/2013 6:33:55 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    .
    ==== End Of File ===========================

    1. GMER
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-27 16:32:19
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0002 698.64GB
    Running: h12ws6mk.exe; Driver: C:\Users\FBISUR~1\AppData\Local\Temp\axeyyuog.sys


    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\LastPass\lastapp_x64.exe [1144:5104] 000007fefbe62a7c
    Thread C:\Program Files (x86)\LastPass\lastapp_x64.exe [1144:5604] 000007fefbb61ebc
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5668] 0000000065fa6314
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6600] 0000000065fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3652] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3216] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5196] 0000000072c162ee
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5676] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5264] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5620] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6604] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4068] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2552] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1532] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6608] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6632] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6628] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6624] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6644] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6640] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6668] 0000000077732e25
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6500] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1544] 000000006cee32fb
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1484] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3600] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5408] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5488] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2876] 000000006b7427e1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1236] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2872] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7092] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5664] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2040] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4576] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3644] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:896] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6568] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7104] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7152] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7164] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2520] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6276] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6420] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5772] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3692] 000000006585aa40
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1440] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4896] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5500] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5720] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5000] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2472] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4668] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4748] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5856] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:528] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4360] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2416] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6736] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2236] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2456] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5584] 0000000072f427c1
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:8588] 00000000761ed864
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:9872] 0000000075f742ed
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:12124] 000000006658775e
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6772] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:16436] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:16948] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:18056] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19136] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19224] 00000000761ed864
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19956] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19976] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19992] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:20048] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:21328] 0000000074abc724
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6692] 0000000065fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:3340] 000000006b7427e1
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6904] 0000000065453304
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:1052] 0000000065453304
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6908] 0000000077732e25
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:16044] 00000000761ed864
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:4636] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:1696] 0000000065fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:2548] 000000006b7427e1
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:6924] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5996] 0000000065fa539b
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:6800] 000000006374eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5944] 000000006374eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:4408] 0000000077732e25
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5204] 0000000077733e45
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5340] 000000006374eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:1680] 000000006374eb50
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:6164] 000000006b7427e1
    Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:4760] 0000000077733e45
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2064] 000007fefe770000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3816] 000000006f880000
    Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3616] 000007fef4b00000
    Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3804] 000007fefcae0000
    Library ? (*** suspicious ***) @ C:\Windows\system32\wbem\unsecapp.exe [1392] 000007fef8130000
    Library Q:\140066.enu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000002fda0000
    Library Q:\140066.enu\Office14\wwlibc.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005bdd0000
    Library Q:\140066.enu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000060110000
    Library Q:\140066.enu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005aa30000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005d060000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005fcf0000
    Library Q:\140066.ENU\OFFICE14\1033\WWINTLC.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 00000000603a0000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005fa80000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 00000000602e0000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f930000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000053950000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f890000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f5f0000
    Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000065300000
    Library Q:\140066.enu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000069950000
    Library Q:\140066.enu\OFFICE14\PROOF\1033\MSGR3EN.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005a710000
    Library Q:\140066.enu\OFFICE14\PROOF\MSSP7EN.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f460000
    Library Q:\140066.enu\Office14\mscss7en.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f410000
    Library Q:\140066.enu\Office14\css7Data0009.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f390000
    Library Q:\140066.enu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [11060] 000000002da10000
    Library Q:\140066.enu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [11060] 000000005a530000

    ---- EOF - GMER 2.0 ----


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-29 02:04:51
    Windows 6.1.7601 Service Pack 1 x64
    Running: uj0lmf1u.exe


    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289fb55bc
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289fb55bc (not active ControlSet)

    ---- EOF - GMER 2.0 ----

     
  2. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Having issues adding logs in the post: timeout and "document expired" errors.
     

    Attached Files:

  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The file you uploaded to Virustotal only shows 2 detections so it is not a serious infection and quite likely a false positive.

    Please run these two scans and post the logs:

    SCAN 1
    Click on this link to download : ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.




    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Also, you do not appear to have a resident Anti Virus program installed on your system.

    Please install Microsoft Security Essentials, run the program and let it update, then run a Full system scan with it, remove anything it finds and post the report.

    There are also signs of a problem with your hard drive.

    Disk Check

    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.


    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log

    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear; add any further information asked for and then click on Submit/Post Quick Reply and you're done.
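    The guide above finds the chkdsk report by searching Event Viewer for "wininit", because Windows writes the boot-time check results to the Application log as a Wininit event (Event ID 1001). As an added example, not part of this thread or of any tool mentioned in it, the PowerShell below reads that same entry directly and saves it to a text file, which is useful when Event Viewer itself will not open. The output path is a constructed default.

```powershell
# Added example, not from the thread: read the boot-time chkdsk report without
# Event Viewer. Windows writes the report to the Application log as a Wininit
# event with Event ID 1001, which is why the guide above says to search for
# "wininit". Run in an elevated PowerShell prompt on Windows 7 or later.

# Save location for the report: a constructed default, change as needed.
$OutFile = Join-Path $env:USERPROFILE 'Desktop\chkdsk-log.txt'

# All Event ID 1001 entries in the Application log, then keep those from Wininit.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Wininit' }

if (-not $events) {
    Write-Warning 'No Wininit chkdsk entries found; the scheduled check has not run yet or the log was cleared.'
    return
}

# The most recent entry is the run scheduled with "chkdsk /r".
$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
$report = $latest.Message

# Lines that mention bad sectors or corrections are the ones that matter for
# judging drive health; everything else is progress output.
$attention = ($report -split "`r?`n") | Where-Object { $_ -match 'bad sectors|correct|repair|replac' }

"Checked at : $($latest.TimeCreated)" | Out-File -FilePath $OutFile -Encoding UTF8
$report | Out-File -FilePath $OutFile -Encoding UTF8 -Append

Write-Host "Full chkdsk report saved to $OutFile"
if ($attention) {
    Write-Host 'Lines worth a closer look:'
    $attention | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'No bad-sector or correction lines found in the report.'
}
```

    The saved file can be copied to a flash drive and pasted into a reply from another PC, the same workflow suggested later in the thread for the other logs.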
     
  5. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Hi Mark, thank you for responding. I will get to all of the steps. One major problem: after step 1 (ADWCleaner & RogueKiller), I can no longer access my wifi or drivers after reboot.

    I don't want to lose data and I'm following your instructions, so I will not try loading the Last Known Good Configuration just yet. OK, that's my last resort unless I can figure out what Windows calls its service manager. I can't connect to the drivers (i.e. wireless) that are usually in the status bar, among so many others. The comp can boot into safe mode, but when booting normally the drivers still don't start automatically; I need to remember what the service host is called. Tried safe mode + networking, still no internet.

    What now?
     
  6. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Were there any issues with my other logs?
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    There are a few comments in your last couple of posts that I need to question.

    In respect of your internet connection, RogueKiller will not have made any changes to the system if you followed the instructions correctly and ADWCleaner will only have removed known Adware from your browsers so I doubt very much that either could be responsible for breaking your internet connection.

    I am not sure what you mean about accessing your drivers.

    You are concerned about losing data; you should always have backups of your important data on an external hard drive or CDs/DVDs. Hard drives have a limited life and will always fail at some point in time, so keeping backups of anything you do not want to lose is essential. Using "Last Known Good Configuration" will not erase any data.

    I am not clear on what you mean by this "I need to remember what the service host is called."

    There was nothing of any significance in your logs. The biggest concern I have is that there does not appear to be any Anti Virus program installed which you have not commented on. With no Anti Virus your PC is extremely vulnerable to infection.

    Can you copy the logs from ADWCleaner and RogueKiller onto a flash drive and transfer them to a working PC so you can copy them into your next post?
     
  8. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Last Known Good Configuration has not helped at all. I cannot click any files on my desktop now; sometimes it works, other times not.

    I should have said "Services", not host. My services are now working; msconfig fixed it. Sorry, I am not familiar with the terms.

    My laptop is very new and I've never had these issues until after the installation of the program in question, Translator. You say there is nothing suspicious in my logs, but if you read the comments on VirusTotal, the description in my title is from the person who found the virus. I have done the disk check, but Event Viewer is not available. I can't view the log through Event Viewer; is there another way? See attached.

    Is copying and pasting my personal data to a public forum the only option?

    RogueKiller V8.4.3 _x64_ [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : FBI Surveillance Van [Admin rights]
    Mode : Scan -- Date : 01/31/2013 00:33:58
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSV][SUSP PATH] HKCU\[...]\ServicesPanel\Desktop (C:\Windows\WLXPGSS.SCR) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 850a1e51ae28859b9c9df85587f60ee8
    [BSP] e7cdb280918e4775125d53b23c89a8af : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_01312013_02d0033.txt >>
    RKreport[1]_S_01312013_02d0033.txt


    ----
     


  9. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    # AdwCleaner v2.109 - Logfile created 01/30/2013 at 13:38:35
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : FBI Surveillance Van - FBISURVEILLANCE
    # Boot Mode : Normal
    # Running from : C:\Users\FBI Surveillance Van\Downloads\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\END
    File Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\DealPly
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Local\Conduit
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\VisualBee_V.1
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\staged
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\Smartbar
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DealPly
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\VisualBee_V.1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CB5239C-3BD9-41CB-A22E-C13B73671E72}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38621E01-D161-4088-95D2-D79EAA810664}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494 --> hxxp://www.google.com
    -\\ Mozilla Firefox v18.0.1 (en-US)
    File : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\prefs.js
    C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\user.js ... Deleted !
    Deleted : user_pref("CT3268494.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3268494.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3268494.CBOpenMAMSettings.enc", "MA==");
    Deleted : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3268494.FirstTime", "true");
    Deleted : user_pref("CT3268494.FirstTimeFF3", "true");
    Deleted : user_pref("CT3268494.LoginRevertSettingsEnabled", true);
    Deleted : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");
    Deleted : user_pref("CT3268494.RevertSettingsEnabled", true);
    Deleted : user_pref("CT3268494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]
    Deleted : user_pref("CT3268494.UserID", "UN33858214542508132");
    Deleted : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3268494.addressUrlXPETakeover", "true");
    Deleted : user_pref("CT3268494.autoDisableScopes", -1);
    Deleted : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3268494.cbcountry_001.enc", "VVM=");
    Deleted : user_pref("CT3268494.cbfirsttime.enc", "U3VuIEphbiAyNyAyMDEzIDAyOjU5OjE0IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
    Deleted : user_pref("CT3268494.defaultSearch", "true");
    Deleted : user_pref("CT3268494.defaultSearchXPETakeover", "true");
    Deleted : user_pref("CT3268494.enableAlerts", "always");
    Deleted : user_pref("CT3268494.enableFix404ByUser", "TRUE");
    Deleted : user_pref("CT3268494.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3268494.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3268494.fixUrls", true);
    Deleted : user_pref("CT3268494.homepageuserchanged", true);
    Deleted : user_pref("CT3268494.installDate", "27/1/2013 2:54:44");
    Deleted : user_pref("CT3268494.installId", "116303");
    Deleted : user_pref("CT3268494.installType", "conduitnsisintegration");
    Deleted : user_pref("CT3268494.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3268494.keyword", "true");
    Deleted : user_pref("CT3268494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3268494.lastVersion", "10.14.42.7");
    Deleted : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3268494.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3268494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT3268494.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.openThankYouPage", "false");
    Deleted : user_pref("CT3268494.openUninstallPage", "true");
    Deleted : user_pref("CT3268494.revertSettingsEnabled", "TRUE");
    Deleted : user_pref("CT3268494.search.searchAppId", "129989109966145536");
    Deleted : user_pref("CT3268494.search.searchCount", "0");
    Deleted : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359273541808");
    Deleted : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1359273541780");
    Deleted : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359273541667");
    Deleted : user_pref("CT3268494.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359332526949");
    Deleted : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359273541713");
    Deleted : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1359273541015");
    Deleted : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1359273539818");
    Deleted : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359273541630");
    Deleted : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1359332526895");
    Deleted : user_pref("CT3268494.serviceLayer_services_translation_lastUpdate", "1359273541788");
    Deleted : user_pref("CT3268494.settingsINI", true);
    Deleted : user_pref("CT3268494.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3268494.smartbar.CTID", "CT3268494");
    Deleted : user_pref("CT3268494.smartbar.Uninstall", "1");
    Deleted : user_pref("CT3268494.smartbar.homepage", true);
    Deleted : user_pref("CT3268494.smartbar.isHidden", true);
    Deleted : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");
    Deleted : user_pref("CT3268494.startPage", "true");
    Deleted : user_pref("CT3268494.toolbarBornServerTime", "27-1-2013");
    Deleted : user_pref("CT3268494.toolbarCurrentServerTime", "28-1-2013");
    Deleted : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3268494.url_history0001.enc", "aHR0cDovL3RyYW5zbGF0ZWNsaWVudC5jb20vZG93bmxvYWRfZGljdGlv[...]
    Deleted : user_pref("CT3268494.webServerUrl", "");
    Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT326849[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?q=");
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
    Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&Sea[...]
    Deleted : user_pref("ct3268494.UserID", "UN33858214542508132");
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.machineId", "PXHXQ3O18TXKH7KKJVSOWGHM0MUL/BDE601OXZMEEHA4+YRPS/QHH7AW435IAD7XNOR[...]
    Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494&Se[...]
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.bing.com/search?q=");
    Deleted : user_pref("smartbar.originalSearchEngine", "qrobe.it");
    -\\ Google Chrome v24.0.1312.56
    File : C:\Users\FBI Surveillance Van\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.1] : icon_url ={"t_search_provider"":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.[...]
    *************************
    AdwCleaner[R1].txt - [142152 octets] - [30/01/2013 13:31:24]
    AdwCleaner[S1].txt - [357 octets] - [30/01/2013 13:31:07]
    AdwCleaner[S2].txt - [13730 octets] - [30/01/2013 13:38:35]
    ########## EOF - C:\AdwCleaner[S2].txt - [13791 octets] ##########
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    I have not asked and would never ask for personal information to be posted so I have no idea what you are referring to.

    ADWCleaner has removed Visualbee along with several other Adware related items. RogueKiller found nothing suspicious.

    As you have been running the system without any Anti Virus protection, it is important that you install and run MSE as requested in post 4 to check your system for any infections. You will have to transfer it with a Flash Drive from a working PC if you still have no internet connection. Please select and remove any detections it finds and post all the details.

    What services are you referring to? Clearly not all your services are working, as the Event Viewer is not available and your desktop is in an inconsistent state; this scan may show us what the problem is.

    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Put a check mark in all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  11. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    MSE found no malware.

    Farbar Service Scanner Version: 10-02-2013
    Ran by FBI Surveillance Van (administrator) on 12-02-2013 at 21:59:37
    Running from "C:\Users\FBI Surveillance Van\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
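    The FSS log above flags two Windows Defender items: the WinDefend service set to Demand start and a DisableAntiSpyware policy value of 1. As an added example, not from the thread or from Farbar's tool, this PowerShell re-checks those two items on the affected machine and adds the context FSS does not print: which antivirus products Security Center has registered. The Policies registry path is an assumption added here as the Group Policy location to check alongside the path the log prints. On Windows 7 a registered third-party product such as MSE is the usual, benign reason Defender is switched off, so the combination worth investigating is Defender disabled with no product registered.

```powershell
# Added example (not part of the thread): re-check the two Windows Defender
# findings in the Farbar Service Scanner log above from an elevated PowerShell
# prompt on Windows 7. The service name and the first registry path are the
# ones the FSS log prints; the Policies path is an assumed extra location
# (the Group Policy equivalent) worth checking alongside it.

$findings = @()

# 1. WinDefend start type. FSS reported "Demand" where the default is "Auto";
#    Win32_Service shows the same setting as StartMode "Manual".
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc) {
    $findings += "WinDefend: State=$($svc.State) StartMode=$($svc.StartMode)"
} else {
    $findings += 'WinDefend: service not present'
}

# 2. The DisableAntiSpyware value FSS flagged, plus the Group Policy location.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',            # path from the FSS log
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'    # assumed: Group Policy path
)
foreach ($path in $paths) {
    $item  = Get-ItemProperty -Path $path -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($item -and $null -ne $item.DisableAntiSpyware) {
        $findings += "$path\DisableAntiSpyware = $($item.DisableAntiSpyware)"
    } else {
        $findings += "$path\DisableAntiSpyware not set"
    }
}

# 3. Which antivirus products Security Center knows about. A registered
#    third-party product (MSE here) is the expected reason for Defender being
#    off; Defender disabled with nothing registered is the case to look into.
$avs = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
if ($avs) {
    foreach ($av in $avs) {
        # productState is a bit field; it is commonly read as "enabled" when the
        # middle byte is 0x10. Printed as hex so it can be compared by eye.
        $hex = '{0:X6}' -f [int]$av.productState
        $findings += "Registered AV: $($av.displayName) (productState 0x$hex)"
    }
} else {
    $findings += 'No antivirus product registered with Security Center'
}

$findings
```

    Run it after installing MSE as requested in post 4; the expected picture on this machine is WinDefend on Manual start, the first DisableAntiSpyware value set to 1, and MSE listed as the registered product.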
     
  12. RipnDip

    RipnDip Thread Starter

    Joined:
    Mar 14, 2009
    Messages:
    67
    Thank you for your help Mark, I deeply appreciate it. When I said personal info I meant system info.
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're most welcome. I appreciate the offer of a donation, but this site needs it more than I do; there is a Donate button at the top of the page.

    The last scan isn't showing any issues, how is the system running now?
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    opened by request
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi RipnDip, how can I help you?
     
Short URL to this thread: https://techguy.org/1087342