Computer invaded possibly to steal banking info, Russian server

Status: This thread has been locked and is not open to further replies.

RipnDip, Thread Starter (Joined Mar 14, 2009; 67 messages)
Thanks for your time.

A very nasty program from the site hxxp://translateclient.com, which claimed to be Google Translator, I downloaded from filefactory, which I thought scanned their files. It has invaded my computer and changed my homepage, default search, the whole 9.

“Client for Google Translate” referred to a toolbar (VisualBee) that was also installed (even though I denied it) and changed all my settings; numerous programs keep popping up. I want to make sure no trackers or malware were left over, and restore it to how it was a few days ago but keep the updates I’ve made to documents etc.


https://www.virustotal.com/file/cf5465c9a8fad8f3648b044d61dfc5ed3f7bb07b7b137a40474e6368f9eb241a/analysis/


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:21 AM, on 1/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\FBI Surveillance Van\Local Settings\Apps\F.lux\flux.exe
C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\FBI Surveillance Van\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\EvernoteTray.exe
C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Evernote\Evernote.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
Q:\140066.enu\Office14\WINWORDC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Users\FBI Surveillance Van\Pictures\Health-Fitness\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: VisualBee V.1 Toolbar - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: VisualBee V.1 - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: VisualBee V.1 Toolbar - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (file missing)
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html
O8 - Extra context menu item: LastPass - file://C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Panda Security CloudCLeaner Service (PCloudCleanerService) - Unknown owner - C:\Windows\system32\PCloudCleanerService.EXE
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

--
End of file - 9940 bytes


2. DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by FBI Surveillance Van at 0:42:38 on 2013-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.5100 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe
C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\FBI Surveillance Van\Local Settings\Apps\F.lux\flux.exe
C:\Windows\System32\StikyNot.exe
C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Users\FBI Surveillance Van\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\EvernoteTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\LastPass\lastapp_x64.exe
C:\Program Files (x86)\Evernote\Evernote.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\program files (x86)\mozilla firefox\firefox.exe
C:\program files (x86)\mozilla firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Windows\splwow64.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\Users\FBI Surveillance Van\Pictures\Health-Fitness\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494
uDefault_Page_URL = www.dell.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
mURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} -
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html
IE: LastPass - C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\FBI Surveillance Van\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New Note - C:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files (x86)\Desktop Sidebar\sbhelp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B07EE655-DD4B-496D-980F-16E4BC111277} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\23E4440264C4F4F4250223037302241434B4 : DHCPNameServer = 202.56.230.5 202.56.230.6
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\3325440264C4F4F4250224230373 : DHCPNameServer = 202.56.230.5 202.56.230.6
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\B45495353314 : DHCPNameServer = 203.67.222.222 8.8.8.8
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\B45495358505 : DHCPNameServer = 203.67.222.222 8.8.8.8
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\C4F46554253502E4543545 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F83136A4-724D-48DB-BB21-4896D94745FB}\E495343445 : DHCPNameServer = 10.10.200.10 10.10.200.230 10.10.200.11 128.228.1.10
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - <orphaned>
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&SearchSource=3&q={searchTerms}&CUI=UN33858214542508132
FF - prefs.js: browser.startup.homepage - hxxp://www.avg.com.au/resources/web-page-scanner/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\FBI Surveillance Van\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-20 23:52; {34712C68-7391-4c47-94F3-8F88D49AD632}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-01-29 00:21; {BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}; C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-26 30648]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-7 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-2-7 21616]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-26 284600]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-2-7 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-7 172704]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-7 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-3-25 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-7 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-7 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-2-7 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-7 412264]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-7 98208]
R4 BackupService;BackupService;C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2013-1-24 83512]
R4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-10-28 8704]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 398184]
R4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 682344]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-30 103472]
R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]
R4 NovacomD;Palm Novacom;C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\x86\novacomd.exe [2011-9-19 61440]
R4 Palm_TCP_Relay;Palm TCP Relay;C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [2011-12-21 11776]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-7 1153368]
R4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
R4 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R4 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 PCloudCleanerService;Panda Security CloudCLeaner Service;C:\Windows\System32\PCloudCleanerService.EXE --> C:\Windows\System32\PCloudCleanerService.EXE [?]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-2-7 158976]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-2-7 174168]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S4 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-10-28 101376]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S4 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-28 00:09:07 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\{02C5B2EA-5DBB-4401-BCE7-FB46F8B09288}
2013-01-27 20:03:42 53616 ----a-w- C:\Windows\SysWow64\PCloudCleanerService.EXE
2013-01-27 08:16:51 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-01-27 08:16:47 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect
2013-01-27 08:11:29 -------- d-----w- C:\ProgramData\Tarma Installer
2013-01-27 08:11:03 813976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
2013-01-27 08:09:25 -------- d-----w- C:\Program Files (x86)\DealPly
2013-01-27 07:55:11 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\CRE
2013-01-27 07:54:35 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\VisualBeeExe
2013-01-27 07:54:32 -------- d-----w- C:\Program Files (x86)\Conduit
2013-01-27 07:54:27 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\Conduit
2013-01-27 07:54:21 -------- d-----w- C:\ProgramData\VisualBee
2013-01-26 23:16:43 -------- d-----w- C:\NVIDIA
2013-01-26 22:40:55 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-01-25 19:25:06 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Local\Programs
2013-01-25 19:23:12 -------- d-----w- C:\Program Files (x86)\Evernote
2013-01-25 04:17:37 -------- d-----w- C:\ProgramData\HPSS
2013-01-25 04:17:23 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\HP SimpleSave Application
2013-01-25 04:17:22 -------- d-----w- C:\Users\FBI Surveillance Van\AppData\Roaming\HPSS
2013-01-24 09:56:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E6E326B-6289-43D3-9259-332200FF0F01}\offreg.dll
2013-01-24 09:53:15 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E6E326B-6289-43D3-9259-332200FF0F01}\mpengine.dll
2013-01-05 02:57:50 -------- d-sh--w- C:\found.000
2012-12-30 18:29:17 -------- d-----w- C:\Program Files\McAfee
.
==================== Find3M ====================
.
2013-01-09 17:01:24 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:01:24 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-29 08:40:09 997816 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 55736 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-12-29 08:40:09 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-29 07:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-21 04:51:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-12-21 04:51:42 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-06-23 22:16:14 6221896 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 0:43:48.80 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2012 12:23:56 AM
System Uptime: 1/27/2013 3:04:41 PM (33 hours ago)
.
Motherboard: Dell Inc. | | 0YR8NN
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU | 990/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 135.586 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 6.56 GiB free.
E: is CDROM ()
R: is CDROM (CDFS)
S: is FIXED (NTFS) - 1862 GiB total, 145.996 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65 (x64 edition)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Amazon Kindle
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CyberLink PowerDVD 9.5
D3DX10
DealPly
Dell Webcam Central
Desktop Sidebar
DirectX 9 Runtime
Dropbox
DVDFab Ghosthunter release 5.3.0.5 Beta
Evernote v. 4.6.1
F.lux
Flixster
Freemake Video Downloader
Funambol Windows Sync Client 10.0.1
GnuWin32: Wget-1.11.4-1
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
HP webOS SDK
Intel(R) Processor Graphics
Internet TV for Windows Media Center
iTunes
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 5.9.0 (64-bit)
K-Lite Mega Codec Pack 8.4.0
LastPass (uninstall only)
LastPass for Applications
Live! Cam Avatar Creator
LockHunter 2.0 beta 2, 64 bit
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee SiteAdvisor
MediaMonkey 4.0
MediaMonkey AAC Plug-in 1.0
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
Nitro Reader 2
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Optimus 1.11.3
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Panda Cloud Cleaner
PhotoShowExpress
PowerISO
PrimoPDF -- brought to you by Nitro PDF Software
Quickset64
RBVirtualFolder64Inst
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sandboxie 3.62 (64-bit)
Search Protect by conduit
Secunia PSI (3.0.0.4001)
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SugarSync Manager
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VisualBee V.1 Toolbar
WebM Media Foundation Components
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WinPcap 4.1.2
.
==== Event Viewer Messages From Past Week ========
.
1/28/2013 11:23:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/28/2013 11:09:18 PM, Error: Service Control Manager [7034] - The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).
1/27/2013 3:05:45 PM, Error: Service Control Manager [7000] - The Panda Security CloudCLeaner Service service failed to start due to the following error: The system cannot find the file specified.
1/26/2013 2:38:56 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
1/26/2013 1:43:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.
1/26/2013 1:42:18 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
1/25/2013 5:12:12 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/25/2013 2:23:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
1/25/2013 1:39:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
1/24/2013 8:24:33 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
1/24/2013 6:33:55 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
.
==== End Of File ===========================

1. GMER
GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-27 16:32:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0002 698.64GB
Running: h12ws6mk.exe; Driver: C:\Users\FBISUR~1\AppData\Local\Temp\axeyyuog.sys


---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\LastPass\lastapp_x64.exe [1144:5104] 000007fefbe62a7c
Thread C:\Program Files (x86)\LastPass\lastapp_x64.exe [1144:5604] 000007fefbb61ebc
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5668] 0000000065fa6314
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6600] 0000000065fa539b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3652] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3216] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5196] 0000000072c162ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5676] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5264] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5620] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6604] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4068] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2552] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1532] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6608] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6632] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6628] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6624] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6644] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6640] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6668] 0000000077732e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6500] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1544] 000000006cee32fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1484] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3600] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5408] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5488] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2876] 000000006b7427e1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1236] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2872] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7092] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5664] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2040] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4576] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3644] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:896] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6568] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7104] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7152] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:7164] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2520] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6276] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6420] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5772] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:3692] 000000006585aa40
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:1440] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4896] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5500] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5720] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5000] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2472] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4668] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4748] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5856] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:528] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:4360] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2416] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6736] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2236] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:2456] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:5584] 0000000072f427c1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:8588] 00000000761ed864
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:9872] 0000000075f742ed
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:12124] 000000006658775e
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:6772] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:16436] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:16948] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:18056] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19136] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19224] 00000000761ed864
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19956] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19976] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:19992] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:20048] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7156:21328] 0000000074abc724
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6692] 0000000065fa539b
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:3340] 000000006b7427e1
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6904] 0000000065453304
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:1052] 0000000065453304
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:6908] 0000000077732e25
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:16044] 00000000761ed864
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6428:4636] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:1696] 0000000065fa539b
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:2548] 000000006b7427e1
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [6760:6924] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5996] 0000000065fa539b
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:6800] 000000006374eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5944] 000000006374eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:4408] 0000000077732e25
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5204] 0000000077733e45
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:5340] 000000006374eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:1680] 000000006374eb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:6164] 000000006b7427e1
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5808:4760] 0000000077733e45
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2064] 000007fefe770000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3816] 000000006f880000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [3616] 000007fef4b00000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3804] 000007fefcae0000
Library ? (*** suspicious ***) @ C:\Windows\system32\wbem\unsecapp.exe [1392] 000007fef8130000
Library Q:\140066.enu\Office14\WINWORDC.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000002fda0000
Library Q:\140066.enu\Office14\wwlibc.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005bdd0000
Library Q:\140066.enu\Office14\gfx.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000060110000
Library Q:\140066.enu\Office14\oart.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005aa30000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005d060000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005fcf0000
Library Q:\140066.ENU\OFFICE14\1033\WWINTLC.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 00000000603a0000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005fa80000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 00000000602e0000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f930000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000053950000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f890000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f5f0000
Library Q:\140066.ENU\VFS\CSIDL_PROGRAM_FILES_COMMON\MICROSOFT (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000065300000
Library Q:\140066.enu\Office14\msproof7.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 0000000069950000
Library Q:\140066.enu\OFFICE14\PROOF\1033\MSGR3EN.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005a710000
Library Q:\140066.enu\OFFICE14\PROOF\MSSP7EN.DLL (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f460000
Library Q:\140066.enu\Office14\mscss7en.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f410000
Library Q:\140066.enu\Office14\css7Data0009.dll (*** suspicious ***) @ Q:\140066.enu\Office14\WINWORDC.EXE [11236] 000000005f390000
Library Q:\140066.enu\Office14\OffSpon.EXE (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [11060] 000000002da10000
Library Q:\140066.enu\Office14\msadctls.dll (*** suspicious ***) @ Q:\140066.enu\Office14\OffSpon.EXE [11060] 000000005a530000

---- EOF - GMER 2.0 ----


GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-29 02:04:51
Windows 6.1.7601 Service Pack 1 x64
Running: uj0lmf1u.exe


---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289fb55bc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289fb55bc (not active ControlSet)

---- EOF - GMER 2.0 ----

 
Joined
May 7, 2011
Messages
14,142
The file you uploaded to Virustotal only shows 2 detections so it is not a serious infection and quite likely a false positive.

Please run these two scans and post the logs:

SCAN 1
Click on this link to download : ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.





SCAN 2
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page click on this:


  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 
Joined
May 7, 2011
Messages
14,142
Also, you do not appear to have a resident Anti Virus program installed on your system.

Please install this Microsoft Security Essentials, run the program and let it update, then run a Full system scan with it, remove anything it finds and post the report.

There are also signs of a problem with your hard drive.

Disk Check

  • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
  • You will then see the following message:
    chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y for yes, and hit Enter. Then reboot the computer.
  • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
  • When the Disk Check is done, it will finish loading Windows.


Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
Windows 7 Disk Check log

Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.
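To collect that chkdsk result without searching Event Viewer by hand, here is an added PowerShell example (not part of the thread, and not the helper's own instructions) that reads the Wininit entry the post refers to and saves it for pasting. It assumes PowerShell 2.0 or later on Windows 7 and that the output file name on the Desktop is free to use.

```powershell
# Added example, not from the thread. Boot-time chkdsk (the /r pass scheduled above)
# reports through the Wininit provider in the Application log as Event ID 1001,
# which is why the post says to search for "wininit" rather than "chkdsk".
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-log.txt'  # assumed path

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
} -MaxEvents 5 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host 'No boot-time chkdsk result found; run chkdsk /r, reboot, then run this again.'
    return
}

# Take the most recent run and lay it out the way Event Viewer's "Copy details as text" does.
$latest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
$text = @(
    "Log Name:      Application"
    "Source:        $($latest.ProviderName)"
    "Date:          $($latest.TimeCreated)"
    "Event ID:      $($latest.Id)"
    ""
    $latest.Message
) -join "`r`n"

# chkdsk's summary line reads "<n> KB in bad sectors."; a non-zero count backs up the
# Disk [11] controller errors seen in the DDS log and means the drive needs attention.
if ($latest.Message -match '(\d+) KB in bad sectors' -and [int]$Matches[1] -gt 0) {
    Write-Warning "chkdsk reported $($Matches[1]) KB in bad sectors"
}

$text | Out-File -FilePath $outFile -Encoding UTF8
$text | clip.exe   # also copy it to the clipboard for pasting into the reply
Write-Host "Saved chkdsk result to $outFile"
```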
 

RipnDip

Thread Starter
Joined
Mar 14, 2009
Messages
67
Hi Mark, thank you for responding. I will get to all of the steps. One major problem after step 1 (ADWCleaner & RogueKiller): I can no longer access my wifi or drivers after reboot.

I don't want to lose data and I'm following your instructions, so I will not try loading the last known good configuration just yet. Ok, that's my last resort unless I can figure out what Windows calls its service manager. I can't connect to the drivers (i.e. wireless) that are usually in the status bar, among so many others. The comp can boot into safe mode but when booting normally the drivers still don't start automatically; I need to remember what the service host is called. Tried safe mode + networking, still no internet.

What now?
 
Joined
May 7, 2011
Messages
14,142
There are a few comments in your last couple of posts that I need to question.

In respect of your internet connection, RogueKiller will not have made any changes to the system if you followed the instructions correctly and ADWCleaner will only have removed known Adware from your browsers so I doubt very much that either could be responsible for breaking your internet connection.

I am not sure what you mean about accessing your drivers.

You are concerned about losing data; you should always have backups of your important data on an external hard drive or CDs/DVDs. Hard drives have a limited life and will always fail at some point in time, so keeping backups of anything you do not want to lose is essential. Using "Last Known Good Configuration" will not erase any data.

I am not clear on what you mean by this "I need to remember what the service host is called."

There was nothing of any significance in your logs. The biggest concern I have is that there does not appear to be any Anti Virus program installed which you have not commented on. With no Anti Virus your PC is extremely vulnerable to infection.

Can you copy the logs from ADWCleaner and RogueKiller onto a flash drive and transfer them to a working PC so you can copy them into your next post?
 

RipnDip

Thread Starter
Joined
Mar 14, 2009
Messages
67
Last known good configuration has not helped at all. I cannot click any files on my desktop now; sometimes it works, other times not.

I should have said "Services" not host. My services are now working; msconfig fixed it. Sorry, I am not familiar with the terms.

My laptop is very new and I've never had these issues until after the installation of the prog in question, Translator. You say nothing suspicious in my logs but if you read the comments on virustotal, that description in my title is from the person who found the virus. I have done the disk check, but Event Viewer is not available. I can't view log through Event Viewer, is there another way? See attached.

Is copying and pasting my personal data to a public forum the only option?

RogueKiller V8.4.3 _x64_ [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FBI Surveillance Van [Admin rights]
Mode : Scan -- Date : 01/31/2013 00:33:58
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\ServicesPanel\Desktop (C:\Windows\WLXPGSS.SCR) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 850a1e51ae28859b9c9df85587f60ee8
[BSP] e7cdb280918e4775125d53b23c89a8af : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01312013_02d0033.txt >>
RKreport[1]_S_01312013_02d0033.txt


RipnDip

Thread Starter
Joined
Mar 14, 2009
Messages
67
# AdwCleaner v2.109 - Logfile created 01/30/2013 at 13:38:35
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : FBI Surveillance Van - FBISURVEILLANCE
# Boot Mode : Normal
# Running from : C:\Users\FBI Surveillance Van\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Local\Conduit
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\LocalLow\VisualBee_V.1
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\extensions\staged
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\Smartbar
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\FBI Surveillance Van\AppData\Roaming\SearchProtect
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CB5239C-3BD9-41CB-A22E-C13B73671E72}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38621E01-D161-4088-95D2-D79EAA810664}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN69903720112430242&ctid=CT3268494 --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.1 (en-US)
File : C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\prefs.js
C:\Users\FBI Surveillance Van\AppData\Roaming\Mozilla\Firefox\Profiles\0a5q3pmf.default\user.js ... Deleted !
Deleted : user_pref("CT3268494.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3268494.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3268494.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3268494.FirstTime", "true");
Deleted : user_pref("CT3268494.FirstTimeFF3", "true");
Deleted : user_pref("CT3268494.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3268494.RevertSettingsEnabled", true);
Deleted : user_pref("CT3268494.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT326[...]
Deleted : user_pref("CT3268494.UserID", "UN33858214542508132");
Deleted : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3268494.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3268494.autoDisableScopes", -1);
Deleted : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3268494.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3268494.cbfirsttime.enc", "U3VuIEphbiAyNyAyMDEzIDAyOjU5OjE0IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3268494.defaultSearch", "true");
Deleted : user_pref("CT3268494.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3268494.enableAlerts", "always");
Deleted : user_pref("CT3268494.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3268494.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3268494.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3268494.fixPageNotFoundError", "true");
Deleted : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3268494.fixUrls", true);
Deleted : user_pref("CT3268494.homepageuserchanged", true);
Deleted : user_pref("CT3268494.installDate", "27/1/2013 2:54:44");
Deleted : user_pref("CT3268494.installId", "116303");
Deleted : user_pref("CT3268494.installType", "conduitnsisintegration");
Deleted : user_pref("CT3268494.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3268494.keyword", "true");
Deleted : user_pref("CT3268494.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3268494.lastVersion", "10.14.42.7");
Deleted : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3268494.migrateAppsAndComponents", true);
Deleted : user_pref("CT3268494.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3268494.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3268494.openThankYouPage", "false");
Deleted : user_pref("CT3268494.openUninstallPage", "true");
Deleted : user_pref("CT3268494.revertSettingsEnabled", "TRUE");
Deleted : user_pref("CT3268494.search.searchAppId", "129989109966145536");
Deleted : user_pref("CT3268494.search.searchCount", "0");
Deleted : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1359273541808");
Deleted : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1359273541780");
Deleted : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359273541667");
Deleted : user_pref("CT3268494.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359332526949");
Deleted : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359273541713");
Deleted : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1359273541015");
Deleted : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1359273539818");
Deleted : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359273541630");
Deleted : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1359332526895");
Deleted : user_pref("CT3268494.serviceLayer_services_translation_lastUpdate", "1359273541788");
Deleted : user_pref("CT3268494.settingsINI", true);
Deleted : user_pref("CT3268494.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3268494.smartbar.CTID", "CT3268494");
Deleted : user_pref("CT3268494.smartbar.Uninstall", "1");
Deleted : user_pref("CT3268494.smartbar.homepage", true);
Deleted : user_pref("CT3268494.smartbar.isHidden", true);
Deleted : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");
Deleted : user_pref("CT3268494.startPage", "true");
Deleted : user_pref("CT3268494.toolbarBornServerTime", "27-1-2013");
Deleted : user_pref("CT3268494.toolbarCurrentServerTime", "28-1-2013");
Deleted : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Deleted : user_pref("CT3268494.url_history0001.enc", "aHR0cDovL3RyYW5zbGF0ZWNsaWVudC5jb20vZG93bmxvYWRfZGljdGlv[...]
Deleted : user_pref("CT3268494.webServerUrl", "");
Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT326849[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?q=");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");
Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268494&Sea[...]
Deleted : user_pref("ct3268494.UserID", "UN33858214542508132");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "PXHXQ3O18TXKH7KKJVSOWGHM0MUL/BDE601OXZMEEHA4+YRPS/QHH7AW435IAD7XNOR[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3268494&octid=CT3268494&Se[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.bing.com/search?q=");
Deleted : user_pref("smartbar.originalSearchEngine", "qrobe.it");
-\\ Google Chrome v24.0.1312.56
File : C:\Users\FBI Surveillance Van\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"t_search_provider"":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.[...]
*************************
AdwCleaner[R1].txt - [142152 octets] - [30/01/2013 13:31:24]
AdwCleaner[S1].txt - [357 octets] - [30/01/2013 13:31:07]
AdwCleaner[S2].txt - [13730 octets] - [30/01/2013 13:38:35]
########## EOF - C:\AdwCleaner[S2].txt - [13791 octets] ##########
 
Joined
May 7, 2011
Messages
14,142
Is copying and pasting my personal data to a public forum the only option?
I have not asked and would never ask for personal information to be posted, so I have no idea what you are referring to.

ADWCleaner has removed Visualbee along with several other Adware related items. RogueKiller found nothing suspicious.

As you have been running the system without any Anti Virus protection, it is important that you install and run MSE as requested in post 4 to check your system for any infections. You will have to transfer it with a Flash Drive from a working PC if you still have no internet connection. Please select and remove any detections it finds and post all the details.

My services are now working, ms config fixed it.
What services are you referring to? Clearly not all your services are working, as the Event Viewer is not available and your desktop is in an inconsistent state; this scan may show us what the problem is.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Put a check mark in all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 

RipnDip

Thread Starter
Joined
Mar 14, 2009
Messages
67
MSE found no malware.

Farbar Service Scanner Version: 10-02-2013
Ran by FBI Surveillance Van (administrator) on 12-02-2013 at 21:59:37
Running from "C:\Users\FBI Surveillance Van\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
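The Windows Defender section of the FSS log above (WinDefend set to Demand instead of Auto, and DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender) and the helper's repeated question about a resident antivirus can be checked together from an elevated PowerShell prompt. This is an added example and is not part of Farbar Service Scanner or of the thread; it assumes Windows 7 or later. One caveat worth knowing when reading the output: on Windows 7 the Microsoft Security Essentials installer itself turns Windows Defender off, so that policy value on its own is not evidence of tampering, which is why the script prints it next to the antivirus products registered with Security Center. The decoding of productState (bit 0x1000 meaning real-time protection is on) is the commonly used interpretation and is labelled as an assumption in the code.

```powershell
# Added example (not from the forum thread or from FSS): repeat the Windows
# Defender checks FSS reported and list the antivirus products Security Center
# knows about. Run from an elevated PowerShell prompt.

# 1. WinDefend service state and configured start type (FSS: Demand vs. default Auto).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc) {
    Write-Output ('WinDefend: State={0} StartMode={1} Path={2}' -f $svc.State, $svc.StartMode, $svc.PathName)
    if ($svc.StartMode -ne 'Auto') {
        Write-Output '  >> start type differs from the default (Auto)'
    }
} else {
    Write-Output 'WinDefend service is not installed.'
}

# 2. The DisableAntiSpyware value FSS listed, plus the Group Policy location
#    where the same value can be set.
$defenderKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
)
foreach ($key in $defenderKeys) {
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($null -ne $val) {
        Write-Output ('{0}\DisableAntiSpyware = {1}' -f $key, $val)
    }
}

# 3. Antivirus products registered with Windows Security Center.
#    Assumption (common decoding of productState): bit 0x1000 set means
#    real-time protection is enabled.
$products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $products) {
    Write-Output 'No antivirus product is registered with Security Center.'
} else {
    foreach ($p in $products) {
        $realtime = ($p.productState -band 0x1000) -ne 0
        Write-Output ('AV: {0} realtime={1} exe={2}' -f $p.displayName, $realtime, $p.pathToSignedProductExe)
    }
}
```

If no product is listed in step 3, the machine is in the state the helper warned about in post 4: nothing resident is scanning, and installing an antivirus is the first fix before any further log collection.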
 

RipnDip

Thread Starter
Joined
Mar 14, 2009
Messages
67
Thank you for your help Mark, I deeply appreciate it. When I said personal info I meant system info.
 
Joined
May 7, 2011
Messages
14,142
You're most welcome, I appreciate the offer of a donation, but this site needs it more than I do, there is a Donate button at the top of the page.

The last scan isn't showing any issues, how is the system running now?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
opened by request
 