
Random audio ads playing in the background (no browser open)

Discussion in 'Virus & Other Malware Removal' started by decidedlyanxious, Jul 3, 2012.

  1. decidedlyanxious (Thread Starter)

    Yesterday and the day before, I opened my computer and all of a sudden random audio ads started to play, even though I hadn't opened a browser or started any programs. Browsing through all the other techguy forum posts of people with the same computer symptoms (random audio ads playing in the background with no browser running), the problem has turned out to be a ZeroAccess rootkit. If that turns out to be the case I'm prepared to do a hard drive reformat, but I would like to make certain before doing so (I am extremely concerned about identity theft and banking detail implications).

    There are no other symptoms of any viruses or malware - my computer is running fine and my Nod Eset antivirus scanner has turned up 0 infections.

    System specs:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
    Processor Count: 4
    RAM: 8151 Mb
    Graphics Card: NVIDIA GeForce GT 230, 1536 Mb
    Hard Drives: C: Total - 942573 MB, Free - 613544 MB; D: Total - 11192 MB, Free - 1627 MB;
    Motherboard: MSI, IONA
    Antivirus: ESET NOD32 Antivirus 4.2, Updated and Enabled


    Below is the HijackThis logfile


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:41:01 PM, on 3/07/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
    C:\Windows\OEM03Mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Users\Shirley\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
    O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
    O4 - HKLM\..\Run: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-440003043-1088803470-648843409-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: CurseClientStartup.ccip
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

    --
    End of file - 12981 bytes
     
  2. decidedlyanxious (Thread Starter)

    DDS text file:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Shirley at 17:55:40 on 2012-07-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8151.6035 [GMT 8:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe
    C:\Windows\OEM03Mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Shirley\AppData\Local\Apps\2.0\AWLQ1Y62.RZ8\82EMCA2G.3MW\curs..tion_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
    mRun: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\3547574656E647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{84B3FB17-2CF6-4D8D-BC90-65B8F10F11A5}\E4544574541425D223E243D274 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{9E981298-052A-450F-9770-E1FA7783F507} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D7956ABC-BA6F-40DB-B167-BF28A6E841FB}\3547574656E647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{EACC12C1-B2E0-4245-A9CC-8EBBBC6EF48D}\3547574656E647 : DhcpNameServer = 192.168.0.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
    mRun-x64: [F5D8055v2] C:\Program Files (x86)\Belkin\F5D8055\v2\BelkinDetectUI.exe
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/19 11:41:51];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-19 146928]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
    R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-19 13336]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-2-23 103440]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-15 1262400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-10-30 278528]
    R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 netr28ux;Belkin N+ Wireless USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;\??\C:\Windows\system32\Drivers\OEM03Afx.sys --> C:\Windows\system32\Drivers\OEM03Afx.sys [?]
    S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys --> C:\Windows\system32\DRIVERS\OEM03Vfx.sys [?]
    S3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys --> C:\Windows\system32\DRIVERS\OEM03Vid.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-03 09:32:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\offreg.dll
    2012-06-29 06:51:38 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78332675-CB20-40DC-ACF1-A21C387F2585}\mpengine.dll
    2012-06-19 06:18:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 06:17:59 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 06:17:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 06:17:38 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-15 14:28:02 -------- d-----w- C:\Users\Shirley\.config
    2012-06-13 12:50:54 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-06-13 07:13:31 -------- d-----w- C:\Program Files\iTunes
    2012-06-13 07:13:31 -------- d-----w- C:\Program Files\iPod
    2012-06-13 07:13:31 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-18 12:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 12:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 17:55:55.08 ===============
     
  3. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    as attached.
     

    Attached Files:

  4. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and welcome....

    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If asked whether you would like to update the Avast virus database please do.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    ----------
     
  5. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-03 21:46:29
    -----------------------------
    21:46:29.672 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:46:29.672 Number of processors: 4 586 0x1E05
    21:46:29.672 ComputerName: SHIRLEY-PC UserName: Shirley
    21:46:31.809 Initialize success
    21:49:52.860 AVAST engine defs: 12070300
    21:50:55.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:50:55.290 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 8
    21:50:55.290 Disk 0 MBR read successfully
    21:50:55.306 Disk 0 MBR scan
    21:50:55.306 Disk 0 unknown MBR code
    21:50:55.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:50:55.337 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942574 MB offset 206848
    21:50:55.384 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11193 MB offset 1930598400
    21:50:55.431 Disk 0 scanning C:\Windows\system32\drivers
    21:51:06.070 Service scanning
    21:51:28.066 Modules scanning
    21:51:28.082 Disk 0 trace - called modules:
    21:51:28.097 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:51:28.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007add060]
    21:51:28.612 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077e5050]
    21:51:30.671 AVAST engine scan C:\Windows
    21:51:34.384 AVAST engine scan C:\Windows\system32
    21:54:05.503 AVAST engine scan C:\Windows\system32\drivers
    21:54:19.543 AVAST engine scan C:\Users\Shirley
    21:55:03.545 Disk 0 MBR has been saved successfully to "C:\Users\Shirley\Desktop\MBR.dat"
    21:55:03.545 The log file has been saved successfully to "C:\Users\Shirley\Desktop\aswMBR.txt"
     
  6. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • when the window opens, click on Change Parameters
    • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
    • click OK
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------

    Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.

    In your next reply please post the logs made by TDSSKiller and MBRCheck. :)
     
  7. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: MSI
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: VT564AA-ABG HPE-180a
    Logical Drives Mask: 0x000005fc

    Kernel Drivers (total 196):

    Processes (total 88):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`25300000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA39D

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 767BA62C9E78D8BC0F91B55FA0F4FADDFE463E62


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     

    Attached Files:
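The partition lines in the aswMBR log above and the "Unknown MBR code" / SHA1 verdict from MBRCheck both come from reading the disk's first sector. As an added example (not from the thread and not the code of either tool), the Python below parses a 512-byte MBR image such as the MBR.dat that aswMBR saved, prints the partition table in the same form as the log, checks the structural invariants a sane MBR must satisfy, and hashes the boot-code region so it can be compared against a known-good copy; the sample MBR, the placeholder boot-code bytes and the choice to hash only the first 446 bytes are constructed assumptions made here.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_BYTES = 512
BOOT_CODE_LEN = 446           # bytes 0..445: the boot code that "unknown MBR code" refers to
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the boot code
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        # aswMBR prints sizes in MB; one MB is 2048 sectors of 512 bytes
        return self.sector_count * SECTOR_BYTES // (1024 * 1024)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition-table slots; empty slots (type 0x00) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype != 0x00:
            parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 over the 446-byte boot-code region only (partition table excluded)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_boot_sha1: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if len(mbr) != SECTOR_BYTES:
        return [f"unexpected image length {len(mbr)} (want {SECTOR_BYTES})"]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p.lba_start == 0 or p.sector_count == 0:
            findings.append(f"partition {p.index} has zero start or length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sector_count:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    # Comparing only the boot code lets a known-good hash survive legitimate
    # partition-table edits; a bootkit replaces this region.
    if known_good_boot_sha1 and boot_code_sha1(mbr) != known_good_boot_sha1.lower():
        findings.append("boot code hash differs from the known-good reference")
    return findings


def build_mbr(boot_code: bytes, entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples.

    Used here only to construct test images offline."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(entries) <= 4
    table = b"".join(
        struct.pack(PART_ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for bootable, ptype, lba, count in entries
    ).ljust(4 * 16, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


# Constructed sample mirroring the partition layout aswMBR printed in the thread
# (boot code is a placeholder stub, not a real boot sector).
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    (True,  0x07, 2048,       204800),      # 100 MB system partition
    (False, 0x07, 206848,     1930391552),  # 942574 MB C:
    (False, 0x07, 1930598400, 22923264),    # 11193 MB D: (recovery)
])

if __name__ == "__main__":
    for p in parse_partitions(SAMPLE_MBR):
        print(f"Partition {p.index} {'80 (A)' if p.bootable else '00'} "
              f"{p.type_id:02X} {p.size_mb} MB offset {p.lba_start}")
    print("boot code SHA1:", boot_code_sha1(SAMPLE_MBR))
    print("findings:", check_mbr(SAMPLE_MBR) or "none")
```

To check a real MBR.dat, read it with `open(path, "rb").read()` and pass a boot-code hash recorded from the same machine while it was known to be clean; no vendor hash is assumed here.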

  8. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Thanks for those.

    Download Combofix from the link below, and save it to your desktop.
    Link

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.
     
  9. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    as attached. Many thanks for your assistance thus far :).
     

    Attached Files:

  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    You are more than welcome. :)
    ---------

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    **If you are using a 64bit system please use either of the following links for your download instead:
    Link 1
    Link 2

    • Right-click and Run as Administrator SystemLook.exe to run it.
    • Copy the content within the following codebox into the main textfield:
      Code:
      :dir
      c:\users\Shirley\.config /s
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  11. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    I'll be leaving for a family trip in 15 mins so won't be able to reply back until tomorrow.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:01 on 04/07/2012 by Shirley
    Administrator - Elevation successful

    ========== dir ==========

    c:\users\Shirley\.config - Parameters: "/s"

    ---Files---
    None found.

    c:\users\Shirley\.config\qtcurve d------ [14:28 15/06/2012]

    -= EOF =-
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    I see that you have had McAfee on your system before, but now seem to use ESET? If you are no longer using McAfee, please uninstall it through Control Panel >> Programs and Features. Then run the following tool to remove anything left of McAfee >> http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe. Once that tool has run, reboot your system.
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      ClearJavaCache::
      
      DDS::
      TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
      TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      [screenshot]
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
     
  13. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    as attached :).
     

    Attached Files:

  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

      [screenshot]
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


    The log can also be found here:
    C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    • Copy and paste/or attach that log as a reply to this topic
    **Note** If no threats are found there will not be a log created.
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET. :)
     
  15. decidedlyanxious

    decidedlyanxious Thread Starter

    Joined:
    Jul 3, 2012
    Messages:
    11
    Apologies for the late reply - below is the log for the Malwarebytes scan. The ESET online scan found no threats.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.05.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Shirley :: SHIRLEY-PC [administrator]

    5/07/2012 9:33:47 PM
    mbam-log-2012-07-05 (21-33-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 231646
    Time elapsed: 2 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
Short URL to this thread: https://techguy.org/1059495