Task Manager Closes Upon Starting


Smoge (Thread Starter), joined Jan 16, 2013, 4 messages
My computer was recently infected with one of the fake FBI alert viruses, which I thought I had successfully removed. However, my Task Manager is still having problems: immediately after opening, it will close.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:18:02 PM, on 1/16/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Troy Malsam\Desktop\HijackThis.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzeb049YYUS_ZJxdm128YYUS
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.10.1
O15 - ESC Trusted IP range: http://192.168.10.1
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} - http://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://domino2.limacityschools.org/dwa85W.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9365 bytes

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
Run by Troy Malsam at 19:18:15 on 2013-01-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1181 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Steam\SteamService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Troy Malsam\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
uWindows: Load = c:\users\troyma~1\locals~1\temp\mspaifxx.pif
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\troy malsam\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [systeminit.exe] c:\users\troyma~1\appdata\local\temp\systeminit.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [CrashDumps] rundll32.exe "c:\users\troy malsam\appdata\local\falloutnv\crashdumps\mbssgxg.dll",DllRegisterServerW
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [CyberLink] c:\users\troy malsam\appdata\roaming\54809a\54809A.exe
uRun: [Adobe CS Manager] c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SS_MW] c:\program files\radica\stylin' studio\SS_MW.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [CouponAlert_2p Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\2pbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\users\troyma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzeb049YYUS_ZJxdm128YYUS
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://domino2.limacityschools.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{0078279E-8349-48A2-941C-83420A7E14DA} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{4B8DB134-9445-4147-BE84-E777B9D1E0A3} : DHCPNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\couponalert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\troy malsam\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\plugins\np-mswmp.dll
FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-01 22:52; [email protected]_2p.com; c:\program files\couponalert_2p\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20130115.001\IDSvix86.sys [2013-1-16 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-11 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-8 8704]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-12-3 836384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-26 207360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-2-25 131912]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Waew
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Ittuu
2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Axag
2013-01-16 23:04:08 -------- d-----w- c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 23:04:00 181248 --sha-w- c:\programdata\ms00A10AEB.dat
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Xaure
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Veacu
2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Asno
2013-01-12 16:56:38 -------- d-----w- c:\users\troy malsam\appdata\local\Warframe
2013-01-08 20:59:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:59:49 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:58:51 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 19:58:43 -------- d-----w- c:\program files\OverTheEdge
2012-12-22 17:01:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-12-21 18:20:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 18:20:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 21:18:04 -------- d-----w- c:\users\troy malsam\appdata\local\4A Games
2012-12-18 02:47:45 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-18 02:47:45 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-18 02:47:45 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-12-18 02:47:44 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-18 02:47:44 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-18 02:47:44 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-18 02:47:44 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-18 02:47:43 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-18 02:47:43 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-18 02:47:42 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
.
==================== Find3M ====================
.
2013-01-09 00:43:23 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 00:43:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 19:19:54.26 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/11/2008 5:49:18 PM
System Uptime: 1/16/2013 6:58:54 PM (1 hours ago)
.
Motherboard: OEM_MB | | IVY8
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 6.106 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.22 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0000
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce 10/100 Mbps Ethernet
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
Service: NVENETFD
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
Service: CouponAlert_2pService
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
Service: MyWebSearchService
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Advanced PC Tweaker v4.2
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
Ask Toolbar
Audacity 1.2.6
Auslogics Disk Defrag
Big Fish Games: Game Manager
Bing Bar
Bonjour
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
Cave Story Deluxe
Compatibility Pack for the 2007 Office system
Coupon Alert
Coupon Printer for Windows
Coupons.com Toolbar
CyberLink DVD Suite Deluxe
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
D3DX10
Dark Souls: Prepare to Die Edition
Dealio Toolbar v4.0
Dedicated Server
Desura
DFOLauncher
Dungeon Fighter Online
Ease Audio Converter 4.80
Explorer Suite III
Fallout: New Vegas
Flash Movie Player 1.5
FlipShare
Free Mp3 Wma Converter V 1.8.0
Free MP3 WMA OGG Converter 8.2.5
FTL: Faster Than Light
Garry's Mod
GCFScape 1.8.0
GECK - New Vegas Edition
GoldWave v5.20
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Gyazo 1.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Hardware Diagnostic Tools
Hi-Rez Studios Games
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP MediaSmart DVD
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Product Detection
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
iTunes
Japanese Fonts Support For Adobe Reader 8
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6 Update 1
JavaFX 2.1.1
Junk Mail filter update
LabelPrint
League of Legends
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
LightScribe System Software
LightScribeTemplateLabeler
LogMeIn Hamachi
Map Button (Windows Live Toolbar)
Mesh Runtime
Messenger Companion
Metro 2033
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble 1.2.3
muvee autoProducer 6.1
My HP Games
My Web Search (Smiley Central)
MySQL Connector/ODBC 3.51
MySQL Server 5.0
Mystery Case Files: Ravenhearst &reg;
Norton Internet Security
Norton Security Scan
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OBCO Final Release (Compiled Version - some features disabled).
OGA Notifier 2.0.0048.0
Paint.NET v3.5.10
Pando Media Booster
ParetoLogic DriverCure
PCIe Soft Data Fax Modem with SmartCP
PhotoMovieMaker
PictureMover
Portal
Portforward Static IP Address 1.0.43
Power2Go
PowerDirector
ProGen
PSSWCORE
Python 2.5.2
QuickTime
Realm of the Mad God
Realtek High Definition Audio Driver
RegAce System Suite
Safari
Search Settings 1.2.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Segoe UI
Simple Port Forwarding
Skype Toolbars
Skype™ 5.10
Smart Menus (Windows Live Toolbar)
Source SDK Base - Orange Box
sp44626
Spelling Dictionaries Support For Adobe Reader 8
Sphere (remove only)
Spiral Knights
SPORE Creature Creator Trial Edition
SQLyog Community 6.03
Steam
Stylin' Studio v1.0
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Dedicated Server
Terraria
The Binding Of Isaac
The Weather Channel App
The Weather Channel Desktop 6
TortoiseSVN 1.6.7.18415 (32 bit)
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VideoToolkit01
VTFEdit 1.2.5
Warcraft III
Warframe
WeGame Client 2.2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
XSplit
.
==== End Of File ===========================

ark.txt

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-16 19:28:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000065 ST332082 rev.3.CH 298.09GB
Running: m7shzt81.exe; Driver: C:\Users\TROYMA~1\AppData\Local\Temp\fwldypod.sys

---- System - GMER 2.0 ----
SSDT 88518648 ZwAlertResumeThread
SSDT 88518728 ZwAlertThread
SSDT 88525558 ZwAllocateVirtualMemory
SSDT 87D392C0 ZwAlpcConnectPort
SSDT 88527900 ZwAssignProcessToJobObject
SSDT 88518398 ZwCreateMutant
SSDT 885275D8 ZwCreateSymbolicLinkObject
SSDT 88BBB060 ZwCreateThread
SSDT 885279E0 ZwDebugActiveProcess
SSDT 88525728 ZwDuplicateObject
SSDT 884F4E68 ZwFreeVirtualMemory
SSDT 88518488 ZwImpersonateAnonymousToken
SSDT 88518568 ZwImpersonateThread
SSDT 87D39248 ZwLoadDriver
SSDT 884F4D68 ZwMapViewOfSection
SSDT 885182B8 ZwOpenEvent
SSDT 88BAA9C0 ZwOpenProcess
SSDT 88525648 ZwOpenProcessToken
SSDT 88527C08 ZwOpenSection
SSDT 88525818 ZwOpenThread
SSDT 88527810 ZwProtectVirtualMemory
SSDT 88527FA8 ZwResumeThread
SSDT 884F4AB8 ZwSetContextThread
SSDT 884F4B98 ZwSetInformationProcess
SSDT 88527AC0 ZwSetSystemInformation
SSDT 88527EA8 ZwSuspendProcess
SSDT 88518BF0 ZwSuspendThread
SSDT 8864DE58 ZwTerminateProcess
SSDT 884F49D8 ZwTerminateThread
SSDT 884F4C88 ZwUnmapViewOfSection
SSDT 884F4F38 ZwWriteVirtualMemory
SSDT 88527710 ZwCreateThreadEx
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 82CB57E0 8 Bytes [48, 86, 51, 88, 28, 87, 51, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82CB57F4 4 Bytes [58, 55, 52, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CB5800 4 Bytes [C0, 92, D3, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 82CB5854 4 Bytes CALL D54458DB
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CB58B8 4 Bytes [98, 83, 51, 88]
.text ...
? C:\Users\TROYMA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.0 ----
.text C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE[868] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00275560
.text C:\Windows\System32\rundll32.exe[1240] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 001E5560
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1384] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 003F5560
.text C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe[2112] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002B5560
.text C:\Windows\ehome\ehtray.exe[2404] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 014A5560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 032C0594
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 032C012A
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 032C03D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 032C04B2
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 032C02EE
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 032C0048
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 032C020C
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 032C0676
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 032C0758
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 001C1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 001C1F8C
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread 77835024 3 Bytes JMP 00835560
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread + 4 77835028 1 Byte [89]
.text C:\Program Files\Radica\Stylin' Studio\SS_MW.exe[3264] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00265560
.text C:\Windows\ehome\ehmsas.exe[3364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 000D5560
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3452] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00925560
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02E11FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02E11F8C
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002C5560
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02D31FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02D31F8C
.text C:\Windows\system32\NOTEPAD.EXE[5192] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Windows\system32\wuauclt.exe[5364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00075560
.text C:\Windows\system32\svchost.exe[5652] svchost.exe 005D2083 6 Bytes PUSH 00050000; RET
.text C:\Windows\system32\svchost.exe[5652] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00065560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00045560
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 05380594
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 0538012A
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 053803D0
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 053804B2
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 053802EE
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 05380048
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 0538020C
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 05380676
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 05380758
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02DB1FF8
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02DB1F8C
.text C:\Windows\system32\ctfmon.exe[5836] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[6128] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
.text C:\Users\Troy Malsam\Desktop\HijackThis.exe[8136] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00145560
---- EOF - GMER 2.0 ----
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin....
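
Added here as an illustration, not code from the thread or from the FRST tool: a small Python triage pass over the kind of FRST.txt startup and service lines Kevin is asking for. It flags what a helper reads such a log for (entries loading from AppData, Temp or ProgramData, images with no publisher, orphaned [x] entries, the Windows\Load value, non-exe service images, and FRST's own ATTENTION marker); the sample lines are copied from the FRST.txt posted in this thread, and the rules are my own heuristics, not FRST's.

```python
import re

# Sample in FRST's "Registry (Whitelisted)" / "Services (Whitelisted)" line format.
# These lines are copied from the FRST.txt posted in this thread (constructed sample input).
SAMPLE_FRST = r"""
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKU\Troy Malsam\...\Run: [CyberLink] C:\Users\Troy Malsam\AppData\Roaming\54809A\54809A.exe [45560 2009-04-10] ()
HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
==================== Services (Whitelisted) ===================
2 Winmgmt; C:\PROGRA~2\ms0004C3DA.dat [139264 2013-01-18] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
"""

REG_LINE = re.compile(r'^(?P<loc>HK\w+\\.*?):\s*\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
SVC_LINE = re.compile(r'^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
SIGNER = re.compile(r'\(([^()]*)\)\s*$')                       # trailing "(Company)"; "()" = no publisher
FILEINFO = re.compile(r'\[(x|\d+ \d{4}-\d{2}-\d{2})\]\s*$')   # "[size date]" or "[x]" = file missing
# Locations a standard user (and so malware running as that user) can write to.
# PROGRA~2 is the 8.3 short name ProgramData has on this thread's machine; "All Users" is its junction.
USER_WRITABLE = re.compile(
    r'\\(AppData|Application Data|Local Settings|Temp|ProgramData|All Users|PROGRA~2)\\', re.I)
NORMAL_EXT = {"exe", "dll", "sys"}   # heuristic: anything else as a startup image is worth a look


def parse_entry(line):
    """Split one FRST startup or service line into its parts; None for any other line."""
    m = REG_LINE.match(line)
    if m:
        kind, loc = "registry", m.group("loc")
    else:
        m = SVC_LINE.match(line)
        if not m:
            return None
        kind, loc = "service", "start type " + m.group("start")
    name, rest = m.group("name"), m.group("rest")
    signer = None                       # None = no signer field at all (e.g. orphaned [x] entry)
    s = SIGNER.search(rest)
    if s:
        signer, rest = s.group(1), rest[:s.start()].rstrip()
    missing = False
    f = FILEINFO.search(rest)
    if f:
        missing, rest = f.group(1) == "x", rest[:f.start()].rstrip()
    return {"kind": kind, "location": loc, "name": name, "command": rest,
            "signer": signer, "missing": missing, "attention": "ATTENTION!" in line}


def image_path(command):
    """Return the file an entry really loads: the quoted/first token, or the DLL handed to rundll32."""
    command = command.strip()
    first, _, remainder = command.partition(" ")
    if first.strip('"').lower() in ("rundll32", "rundll32.exe"):
        command = remainder.strip()     # the DLL is what matters, not rundll32 itself
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    token = command.split(maxsplit=1)[0] if command else ""
    return token.split(",", 1)[0]       # drop ",ExportName" on unquoted rundll32 DLLs


def file_extension(path):
    leaf = re.split(r'[\\/]', path)[-1]
    return leaf.rsplit(".", 1)[1].lower() if "." in leaf else ""


def triage(frst_text):
    """Return [{'name', 'kind', 'reasons'}] for every entry that trips at least one heuristic."""
    findings = []
    for line in frst_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        path = image_path(entry["command"])
        if entry["attention"]:
            reasons.append("flagged by FRST (ATTENTION marker)")
        if USER_WRITABLE.search(entry["command"]):
            reasons.append("loads from a user-writable location")
        if entry["signer"] == "":
            reasons.append("no publisher recorded for the image")
        if path and file_extension(path) not in NORMAL_EXT:
            reasons.append("unusual image extension ." + file_extension(path))
        if entry["kind"] == "registry" and entry["name"] == "Load" and "CurrentVersion\\Windows" in entry["location"]:
            reasons.append("persistence via the rarely used Windows\\Load value")
        if entry["missing"]:
            reasons.append("image missing at scan time (orphaned entry)")
        if reasons:
            findings.append({"name": entry["name"], "kind": entry["kind"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f['kind']:8} {f['name']:18} {'; '.join(f['reasons'])}")
```

Entries that load from Program Files with a named publisher (hpsysdrv, MBAMService) pass clean; everything else in the sample gets at least one reason, which is roughly the set a helper would build a fix script around.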
 

Smoge

Thread Starter
Joined
Jan 16, 2013
Messages
4
Followed your instructions, here is the file

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 23-01-2013 18:46:35
Running from J:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe [524288 2008-04-25] (Radica)
HKLM\...\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [53352 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [970240 2009-04-09] (Spigot, Inc.)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-01] (VER_COMPANY_NAME)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\Troy Malsam\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Troy Malsam\...\Run: [Google Update] "C:\Users\Troy Malsam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-01-22] (Google Inc.)
HKU\Troy Malsam\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
HKU\Troy Malsam\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
HKU\Troy Malsam\...\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized [x]
HKU\Troy Malsam\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKU\Troy Malsam\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [13105848 2013-01-14] (The Weather Channel)
HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
HKU\Troy Malsam\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-11] (Google Inc.)
HKU\Troy Malsam\...\Run: [CyberLink] C:\Users\Troy Malsam\AppData\Roaming\54809A\54809A.exe [45560 2009-04-10] ()
HKU\Troy Malsam\...\Run: [Adobe CS Manager] C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe [132608 2013-01-16] ()
HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
HKU\UpdatusUser\...\Run: [HPADVISOR] [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Troy Malsam\Start Menu\Programs\Startup\runctf.lnk
ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
==================== Services (Whitelisted) ===================
3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-02-25] (Desura Pty Ltd)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1435568 2012-12-10] (LogMeIn Inc.)
2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 npggsvc; C:\Windows\system32\GameMon.des -service [2769658 2009-02-18] (INCA Internet Co., Ltd.)
2 Winmgmt; C:\PROGRA~2\ms0004C3DA.dat [139264 2013-01-18] (Microsoft Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
==================== Drivers (Whitelisted) ====================
3 AE1000; C:\Windows\System32\DRIVERS\ae1000va.sys [836384 2010-02-12] (Ralink Technology Corp.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130111.001\BHDrvx86.sys [995488 2012-10-23] (Symantec Corporation)
3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-10-09] (Symantec Corporation)
3 EraserUtilDrv11220; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [106656 2012-10-09] (Symantec Corporation)
3 FETNDISB; C:\Windows\System32\DRIVERS\dlkfet5b.sys [43008 2007-07-13] (D-Link )
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130116.002\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL [9250 2009-04-21] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130118.017\NAVENG.SYS [93296 2013-01-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130118.017\NAVEX15.SYS [1603824 2013-01-16] (Symantec Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
1 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1207020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
3 AIRPLUS; C:\Windows\System32\DRIVERS\airplus.sys [x]
3 catchme; \??\C:\Users\TROYMA~1\AppData\Local\Temp\catchme.sys [x]
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]
3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
3 XDva392; \??\C:\Windows\system32\XDva392.sys [x]
3 XDva393; \??\C:\Windows\system32\XDva393.sys [x]
0 xheor; C:\Windows\System32\drivers\ptanr.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-01-23 18:46 - 2013-01-23 18:46 - 00000000 ____D C:\FRST
2013-01-18 15:51 - 2013-01-18 16:07 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Kuyg
2013-01-18 15:51 - 2013-01-18 16:07 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Kuyg
2013-01-18 15:51 - 2013-01-18 15:59 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Zyvyo
2013-01-18 15:51 - 2013-01-18 15:59 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Zyvyo
2013-01-18 15:51 - 2013-01-18 15:52 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ulgao
2013-01-18 15:51 - 2013-01-18 15:52 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ulgao
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Meut
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ilbyowo
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Meut
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ilbyowo
2013-01-18 12:43 - 2013-01-18 15:51 - 00002727 ____A C:\Users\All Users\Application Data\AD3C4000sm.js
2013-01-18 12:43 - 2013-01-18 15:51 - 00002727 ____A C:\Users\All Users\AD3C4000sm.js
2013-01-18 12:42 - 2013-01-18 16:06 - 95023320 ___AT C:\Users\All Users\Application Data\AD3C4000sm.pad
2013-01-18 12:42 - 2013-01-18 16:06 - 95023320 ___AT C:\Users\All Users\AD3C4000sm.pad
2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\ms0004C3DA.dat
2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\Application Data\ms0004C3DA.dat
2013-01-17 13:19 - 2013-01-17 16:27 - 00018432 ____A C:\Users\Troy Malsam\My Documents\Annexation of Texas Report.wps
2013-01-17 13:19 - 2013-01-17 16:27 - 00018432 ____A C:\Users\Troy Malsam\Documents\Annexation of Texas Report.wps
2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Malwarebytes
2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Malwarebytes
2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2013-01-17 12:47 - 2013-01-17 12:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-17 12:47 - 2012-12-14 13:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-17 12:27 - 2013-01-17 12:39 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Yrylol
2013-01-17 12:27 - 2013-01-17 12:39 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Yrylol
2013-01-17 12:27 - 2013-01-17 12:30 - 95023320 ___AT C:\Users\All Users\BBF.pad
2013-01-17 12:27 - 2013-01-17 12:30 - 95023320 ___AT C:\Users\All Users\Application Data\BBF.pad
2013-01-17 12:27 - 2013-01-17 12:28 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ihgaul
2013-01-17 12:27 - 2013-01-17 12:28 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ihgaul
2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ypny
2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ypny
2013-01-16 16:39 - 2013-01-16 16:38 - 00261024 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-16 16:39 - 2013-01-16 16:38 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-16 16:39 - 2013-01-16 16:38 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-16 16:39 - 2013-01-16 16:38 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-01-16 16:28 - 2013-01-16 16:28 - 00023821 ____A C:\Users\Troy Malsam\Desktop\ark.txt
2013-01-16 16:20 - 2013-01-16 16:20 - 00012338 ____A C:\Users\Troy Malsam\Desktop\attach.txt
2013-01-16 16:20 - 2013-01-16 16:19 - 00026541 ____A C:\Users\Troy Malsam\Desktop\dds.txt
2013-01-16 16:19 - 2013-01-16 16:19 - 00365568 ____A C:\Users\Troy Malsam\Desktop\m7shzt81.exe
2013-01-16 16:18 - 2013-01-16 16:18 - 00009366 ____A C:\Users\Troy Malsam\Desktop\hijackthis.log
2013-01-16 16:15 - 2013-01-16 16:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Troy Malsam\Desktop\HijackThis.exe
2013-01-16 15:44 - 2013-01-16 15:44 - 00003296 ____A C:\{CAFB8363-169B-4E64-A8DB-E34533CB367C}
2013-01-16 15:09 - 2013-01-16 15:11 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ittuu
2013-01-16 15:09 - 2013-01-16 15:11 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ittuu
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Waew
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Axag
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Waew
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Axag
2013-01-16 15:04 - 2013-01-17 12:49 - 95023320 ___AT C:\Users\All Users\BEA01A00sm.pad
2013-01-16 15:04 - 2013-01-17 12:49 - 95023320 ___AT C:\Users\All Users\Application Data\BEA01A00sm.pad
2013-01-16 15:04 - 2013-01-16 15:12 - 95023320 ___AT C:\Users\All Users\Application Data\885A.pad
2013-01-16 15:04 - 2013-01-16 15:12 - 95023320 ___AT C:\Users\All Users\885A.pad
2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\BEA01A00sm.js
2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\Application Data\BEA01A00sm.js
2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\Application Data\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 15:03 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Xaure
2013-01-16 15:03 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Xaure
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Veacu
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Asno
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Veacu
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Asno
2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Warframe
2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Warframe
2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Warframe
2013-01-12 08:56 - 2013-01-12 08:56 - 00002099 ____A C:\Users\Troy Malsam\Desktop\Warframe.lnk
2013-01-08 12:59 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 12:59 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-08 12:59 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 12:58 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-06 11:58 - 2013-01-06 11:58 - 00000000 ____D C:\Program Files\OverTheEdge
2013-01-06 10:28 - 2013-01-14 15:31 - 00017408 ____A C:\Users\Troy Malsam\My Documents\The Scarlet Letter Report.wps
2013-01-06 10:28 - 2013-01-14 15:31 - 00017408 ____A C:\Users\Troy Malsam\Documents\The Scarlet Letter Report.wps
==================== One Month Modified Files and Folders ========
2013-01-23 18:46 - 2013-01-23 18:46 - 00000000 ____D C:\FRST
2013-01-18 16:12 - 2008-09-11 13:53 - 01359757 ____A C:\Windows\WindowsUpdate.log
2013-01-18 16:11 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-18 16:11 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-18 16:11 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-18 16:11 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-18 16:07 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Kuyg
2013-01-18 16:07 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Kuyg
2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\TSVNCache
2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\TSVNCache
2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\TSVNCache
2013-01-18 16:06 - 2013-01-18 12:42 - 95023320 ___AT C:\Users\All Users\Application Data\AD3C4000sm.pad
2013-01-18 16:06 - 2013-01-18 12:42 - 95023320 ___AT C:\Users\All Users\AD3C4000sm.pad
2013-01-18 15:59 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Zyvyo
2013-01-18 15:59 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Zyvyo
2013-01-18 15:55 - 2010-03-26 11:15 - 00000000 ____D C:\Program Files\Steam
2013-01-18 15:52 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ulgao
2013-01-18 15:52 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ulgao
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Meut
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ilbyowo
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Meut
2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ilbyowo
2013-01-18 15:51 - 2013-01-18 12:43 - 00002727 ____A C:\Users\All Users\Application Data\AD3C4000sm.js
2013-01-18 15:51 - 2013-01-18 12:43 - 00002727 ____A C:\Users\All Users\AD3C4000sm.js
2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\LogMeIn Hamachi
2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\LogMeIn Hamachi
2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\LogMeIn Hamachi
2013-01-18 15:49 - 2010-01-28 15:09 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-18 15:46 - 2008-08-26 06:33 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-18 15:46 - 2008-08-26 06:33 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
2013-01-18 15:45 - 2008-01-20 18:47 - 01077118 ____A C:\Windows\PFRO.log
2013-01-18 15:36 - 2010-07-23 19:12 - 00000000 ____D C:\Windows\Simple Port Forwarding
2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\Local Settings\d3d9caps.dat
2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\Local Settings\Application Data\d3d9caps.dat
2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\AppData\Local\d3d9caps.dat
2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\ms0004C3DA.dat
2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\Application Data\ms0004C3DA.dat
2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Windows Live
2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Windows Live
2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Windows Live
2013-01-17 16:27 - 2013-01-17 13:19 - 00018432 ____A C:\Users\Troy Malsam\My Documents\Annexation of Texas Report.wps
2013-01-17 16:27 - 2013-01-17 13:19 - 00018432 ____A C:\Users\Troy Malsam\Documents\Annexation of Texas Report.wps
2013-01-17 16:27 - 2009-08-19 04:51 - 00023166 ____A C:\Users\Troy Malsam\Application Data\wklnhst.dat
2013-01-17 16:27 - 2009-08-19 04:51 - 00023166 ____A C:\Users\Troy Malsam\AppData\Roaming\wklnhst.dat
2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\PMB Files
2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\PMB Files
2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\PMB Files
2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\All Users\PMB Files
2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\All Users\Application Data\PMB Files
2013-01-17 15:32 - 2012-10-28 13:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-17 15:21 - 2010-01-28 15:09 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-17 15:17 - 2009-06-30 14:46 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282813114-2919542827-3659624599-1000UA.job
2013-01-17 15:00 - 2010-07-20 21:43 - 00000456 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-01-17 15:00 - 2010-03-15 16:00 - 00000454 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2013-01-17 13:27 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-01-17 13:17 - 2009-06-30 14:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282813114-2919542827-3659624599-1000Core.job
2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Malwarebytes
2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Malwarebytes
2013-01-17 12:49 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\BEA01A00sm.pad
2013-01-17 12:49 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\Application Data\BEA01A00sm.pad
2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2013-01-17 12:48 - 2013-01-17 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\CrashDumps
2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\CrashDumps
2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\CrashDumps
2013-01-17 12:39 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Yrylol
2013-01-17 12:39 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Yrylol
2013-01-17 12:30 - 2013-01-17 12:27 - 95023320 ___AT C:\Users\All Users\BBF.pad
2013-01-17 12:30 - 2013-01-17 12:27 - 95023320 ___AT C:\Users\All Users\Application Data\BBF.pad
2013-01-17 12:28 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ihgaul
2013-01-17 12:28 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ihgaul
2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ypny
2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ypny
2013-01-16 16:39 - 2008-08-26 06:43 - 00000000 ____D C:\Program Files\Common Files\Java
2013-01-16 16:38 - 2013-01-16 16:39 - 00261024 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-01-16 16:38 - 2013-01-16 16:39 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-01-16 16:38 - 2013-01-16 16:39 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-01-16 16:38 - 2013-01-16 16:39 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-01-16 16:38 - 2012-08-06 17:10 - 00859552 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-01-16 16:38 - 2010-04-15 14:41 - 00780192 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-01-16 16:37 - 2008-08-26 06:43 - 00000000 ____D C:\Program Files\Java
2013-01-16 16:28 - 2013-01-16 16:28 - 00023821 ____A C:\Users\Troy Malsam\Desktop\ark.txt
2013-01-16 16:20 - 2013-01-16 16:20 - 00012338 ____A C:\Users\Troy Malsam\Desktop\attach.txt
2013-01-16 16:19 - 2013-01-16 16:20 - 00026541 ____A C:\Users\Troy Malsam\Desktop\dds.txt
2013-01-16 16:19 - 2013-01-16 16:19 - 00365568 ____A C:\Users\Troy Malsam\Desktop\m7shzt81.exe
2013-01-16 16:18 - 2013-01-16 16:18 - 00009366 ____A C:\Users\Troy Malsam\Desktop\hijackthis.log
2013-01-16 16:15 - 2013-01-16 16:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Troy Malsam\Desktop\HijackThis.exe
2013-01-16 15:44 - 2013-01-16 15:44 - 00003296 ____A C:\{CAFB8363-169B-4E64-A8DB-E34533CB367C}
2013-01-16 15:12 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\Application Data\885A.pad
2013-01-16 15:12 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\885A.pad
2013-01-16 15:11 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ittuu
2013-01-16 15:11 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ittuu
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Waew
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Axag
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Waew
2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Axag
2013-01-16 15:09 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Xaure
2013-01-16 15:09 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Xaure
2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\BEA01A00sm.js
2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\Application Data\BEA01A00sm.js
2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\Application Data\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Veacu
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Asno
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Veacu
2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Asno
2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Warframe
2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Warframe
2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Warframe
2013-01-14 16:00 - 2009-04-17 14:55 - 00000570 ___AH C:\Windows\Tasks\Norton Security Scan for Troy Malsam.job
2013-01-14 15:56 - 2008-12-29 18:51 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-01-14 15:31 - 2013-01-06 10:28 - 00017408 ____A C:\Users\Troy Malsam\My Documents\The Scarlet Letter Report.wps
2013-01-14 15:31 - 2013-01-06 10:28 - 00017408 ____A C:\Users\Troy Malsam\Documents\The Scarlet Letter Report.wps
2013-01-14 08:04 - 2012-02-11 06:45 - 00001107 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2013-01-14 08:04 - 2012-02-11 06:45 - 00001107 ____A C:\Users\All Users\Desktop\The Weather Channel App.lnk
2013-01-13 09:00 - 2010-06-06 10:02 - 00000512 ____A C:\Windows\Tasks\One-Click Tweak.job
2013-01-12 18:26 - 2009-01-22 06:46 - 00002078 ____A C:\Users\Troy Malsam\Desktop\Google Chrome.lnk
2013-01-12 08:56 - 2013-01-12 08:56 - 00002099 ____A C:\Users\Troy Malsam\Desktop\Warframe.lnk
2013-01-11 14:56 - 2010-11-10 13:06 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Skype
2013-01-11 14:56 - 2010-11-10 13:06 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Skype
2013-01-09 19:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-09 19:41 - 2006-11-02 04:47 - 00303248 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 15:17 - 2006-11-02 02:33 - 00750820 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-08 16:43 - 2012-05-10 09:35 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-08 16:43 - 2011-06-16 07:06 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-06 11:58 - 2013-01-06 11:58 - 00000000 ____D C:\Program Files\OverTheEdge
2013-01-04 22:28 - 2009-03-14 18:42 - 00000000 ____D C:\Users\Troy Malsam\My Documents\My Games
2013-01-04 22:28 - 2009-03-14 18:42 - 00000000 ____D C:\Users\Troy Malsam\Documents\My Games
2012-12-31 12:33 - 2010-01-21 14:31 - 00000000 ____D C:\Program Files\Warcraft III
2012-12-30 00:01 - 2012-11-11 15:31 - 00000384 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Troy Malsam.job
2012-12-30 00:00 - 2012-11-11 15:31 - 00000000 ____D C:\Users\All Users\RegAce
2012-12-30 00:00 - 2012-11-11 15:31 - 00000000 ____D C:\Users\All Users\Application Data\RegAce
2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Paint.NET
2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Paint.NET
2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Paint.NET
2012-12-27 23:09 - 2010-03-15 16:00 - 00000392 ____A C:\Windows\Tasks\DriverCure.job
2012-12-27 22:33 - 2010-03-15 16:00 - 00000000 ____D C:\Users\All Users\DriverCure
2012-12-27 22:33 - 2010-03-15 16:00 - 00000000 ____D C:\Users\All Users\Application Data\DriverCure
2012-12-25 22:43 - 2010-03-15 16:00 - 00000428 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
2012-12-25 07:16 - 2006-11-02 04:52 - 00139189 ____A C:\Windows\setupact.log
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\@
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\L
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\@
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\L
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 12:43] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-01-17 12:51:07
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 3069.76 MB
Available physical RAM: 2506.08 MB
Total Pagefile: 2752.81 MB
Available Pagefile: 2576.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.11 MB
==================== Partitions =============================
1 Drive c: (COMPAQ) (Fixed) (Total:286.56 GB) (Free:6.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.53 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: () (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1910 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 1549F232
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 287 GB 32 KB
Partition 2 Primary 12 GB 287 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C COMPAQ NTFS Partition 287 GB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Disk ID: 00000000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1906 MB 4032 KB
=========================================================
Disk: 5
Partition 1
Type : 0E
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Removable 1906 MB Healthy
=========================================================
Last Boot: 2013-01-18 16:13
==================== End Of Log ============================
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,441
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

Code:
start
HKLM\...\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [53352 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
HKLM\...\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [970240 2009-04-09] (Spigot, Inc.)
HKLM\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-01] (VER_COMPANY_NAME)
HKU\Troy Malsam\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
end
Now please enter System Recovery Options as you did to get the log.

Run FRST64 or FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

Reboot your PC and try to get to Normal mode; if successful, run the following:

Delete any versions of Combofix that you may have on your Desktop, and download a fresh copy from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autorun is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in your next reply please...

Kevin
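Not part of the thread: an added Python triage over FRST log lines of the kind posted above, picking out the entries the fixlist removes (the ZeroAccess recycle-bin folders, the [x] autorun, the Temp Load value) and checking that the MD5 and exe-association verdicts stayed clean. The SAMPLE_LOG lines are copied from this thread; the triage function and the rule names are my own.

```python
import re

# Constructed sample: lines copied from the FRST log and fixlist in this thread,
# plus the integrity checks FRST reported as clean.
SAMPLE_LOG = r"""
HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\@
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# Rules in priority order; the first match wins for a line.
RULES = [
    # [x] marks an autorun whose target file is gone: it still needs removing.
    ("orphaned autorun (file missing)", re.compile(r"\\Run: .*\[x\]$")),
    # Winlogon Load is normally empty; a %TEMP% target is in the fixlist above.
    ("Load value pointing into Temp", re.compile(r"\[Load\] .*\\Temp\\", re.I)),
    # FRST's own verdict on the hijacked CLSID InprocServer32 entry.
    ("FRST ZeroAccess attention flag", re.compile(r"ATTENTION! ====> ZeroAccess")),
    # ZeroAccess drops a "$" + 32-hex folder per SID in $Recycle.Bin holding @, L, U.
    ("ZeroAccess recycle-bin artefact",
     re.compile(r"^C:\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}(\\[@LU])?$", re.I)),
]


def triage(log_text):
    """Return (rule, line) pairs for every FRST log line that needs a look."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((name, line))
                break
        else:
            # Checks FRST already ran: any verdict other than clean is a finding.
            if " => MD5 " in line and "MD5 is legit" not in line:
                hits.append(("core system file hash mismatch", line))
            elif "exefile" in line and " => " in line and not line.endswith("=> OK"):
                hits.append(("exe file association tampered", line))
    return hits
```

Running triage(SAMPLE_LOG) flags five lines: the orphaned Run entry, the Temp Load value, the InprocServer32 hijack and the two recycle-bin paths, while the MD5 and exefile lines pass.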