
TR/crypt.XPACK.Gen3 infection!

Discussion in 'Virus & Other Malware Removal' started by wildzac, Oct 17, 2010.

    wildzac (Thread Starter) - Joined: Oct 17, 2010 - Messages: 2
    Hi! Sure hope you can help. I believe the infection of my laptop with the Trojan dropper happened today. This is my system:

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows 7 Home Premium , 64 bit
    Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 3834 Mb
    Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250, 336 Mb
    Hard Drives: C: Total - 457455 MB, Free - 401693 MB; D: Total - 19179 MB, Free - 2782 MB;
    Motherboard: Hewlett-Packard, 143F, 67.22, P L820 01 1Z ZF 3MC
    Antivirus: AntiVir Desktop, Updated and Enabled

    My free Avira Antivirus gave me warnings as my new laptop ran a program claiming to be a Microsoft product (with the logo) called "Think(something)". I scanned with Avira and got this report:

    Avira AntiVir Personal
    Report file date: Saturday, October 16, 2010 20:38

    Scanning for 2939810 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 x64
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : ZACKSNEWLAPTOP

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 19:47:05
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 19:47:13
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 19:47:42
    VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 19:47:57
    VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 19:47:58
    VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 19:47:58
    VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 19:47:58
    VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 19:47:59
    VBASE013.VDF : 7.10.11.165 172032 Bytes 9/15/2010 19:48:00
    VBASE014.VDF : 7.10.11.202 144384 Bytes 9/18/2010 19:48:02
    VBASE015.VDF : 7.10.11.231 129024 Bytes 9/21/2010 19:48:03
    VBASE016.VDF : 7.10.12.4 126464 Bytes 9/23/2010 19:48:03
    VBASE017.VDF : 7.10.12.38 146944 Bytes 9/27/2010 19:48:04
    VBASE018.VDF : 7.10.12.64 133120 Bytes 9/29/2010 19:48:09
    VBASE019.VDF : 7.10.12.99 134144 Bytes 10/1/2010 19:48:10
    VBASE020.VDF : 7.10.12.122 131584 Bytes 10/5/2010 19:48:11
    VBASE021.VDF : 7.10.12.148 119296 Bytes 10/7/2010 19:48:12
    VBASE022.VDF : 7.10.12.175 142848 Bytes 10/11/2010 19:48:13
    VBASE023.VDF : 7.10.12.198 131584 Bytes 10/13/2010 16:36:46
    VBASE024.VDF : 7.10.12.216 133120 Bytes 10/14/2010 16:36:49
    VBASE025.VDF : 7.10.12.217 2048 Bytes 10/14/2010 16:36:49
    VBASE026.VDF : 7.10.12.218 2048 Bytes 10/14/2010 16:36:50
    VBASE027.VDF : 7.10.12.219 2048 Bytes 10/14/2010 16:36:50
    VBASE028.VDF : 7.10.12.220 2048 Bytes 10/14/2010 16:36:50
    VBASE029.VDF : 7.10.12.221 2048 Bytes 10/14/2010 16:36:51
    VBASE030.VDF : 7.10.12.222 2048 Bytes 10/14/2010 16:36:51
    VBASE031.VDF : 7.10.12.230 66048 Bytes 10/16/2010 16:36:51
    Engineversion : 8.2.4.82
    AEVDF.DLL : 8.1.2.1 106868 Bytes 10/11/2010 19:48:35
    AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 10/11/2010 19:48:34
    AESCN.DLL : 8.1.6.1 127347 Bytes 10/11/2010 19:48:29
    AESBX.DLL : 8.1.3.1 254324 Bytes 10/11/2010 19:48:36
    AERDL.DLL : 8.1.9.2 635252 Bytes 10/11/2010 19:48:29
    AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 19:48:27
    AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/11/2010 19:48:26
    AEHEUR.DLL : 8.1.2.35 2961784 Bytes 10/16/2010 16:36:58
    AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 19:48:21
    AEGEN.DLL : 8.1.3.23 401779 Bytes 10/11/2010 19:48:20
    AEEMU.DLL : 8.1.2.0 393588 Bytes 10/11/2010 19:48:19
    AECORE.DLL : 8.1.17.0 196982 Bytes 10/11/2010 19:48:18
    AEBB.DLL : 8.1.1.0 53618 Bytes 10/11/2010 19:48:17
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Saturday, October 16, 2010 20:38

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'googletalkplugin.exe' - '61' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '86' Module(s) have been scanned
    Scan process 'firefox.exe' - '120' Module(s) have been scanned
    Scan process 'avscan.exe' - '75' Module(s) have been scanned
    Scan process 'avscan.exe' - '30' Module(s) have been scanned
    Scan process 'avcenter.exe' - '103' Module(s) have been scanned
    Scan process 'realsched.exe' - '54' Module(s) have been scanned
    Scan process 'avgnt.exe' - '76' Module(s) have been scanned
    Scan process 'soffice.bin' - '108' Module(s) have been scanned
    Scan process 'exe.exe' - '40' Module(s) have been scanned
    Scan process 'HPMSGSVC.exe' - '54' Module(s) have been scanned
    Scan process 'soffice.exe' - '36' Module(s) have been scanned
    Scan process 'gynu.exe' - '63' Module(s) have been scanned
    Scan process 'LightScribeControlPanel.exe' - '46' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
    Scan process 'jusched.exe' - '35' Module(s) have been scanned
    Scan process 'YCMMirage.exe' - '48' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
    Scan process 'HPWMISVC.exe' - '37' Module(s) have been scanned
    Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
    Scan process 'CinemanowSvc.exe' - '41' Module(s) have been scanned
    Scan process 'avguard.exe' - '71' Module(s) have been scanned
    Scan process 'sched.exe' - '50' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '113' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZHYPU5C\gkemxszusa[2].htm
    [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNLE2DHU\lltaitbvdo[1].htm
    [0] Archive type: NSIS
    [DETECTION] Is the TR/Dropper.Gen Trojan
    --> ProgramFilesDir/seupd.exe
    [DETECTION] Contains recognition pattern of the DR/Clicker.HD.85 dropper
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNLE2DHU\zpwrlte[1].htm
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    C:\Users\Zacks new laptop\AppData\Local\Temp\obdk.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
    C:\Users\Zacks new laptop\AppData\Local\Temp\wvfo.exe
    [0] Archive type: NSIS
    [DETECTION] Is the TR/Dropper.Gen Trojan
    --> ProgramFilesDir/seupd.exe
    [DETECTION] Contains recognition pattern of the DR/Clicker.HD.85 dropper
    Begin scan in 'D:\' <RECOVERY>

    Beginning disinfection:
    C:\Users\Zacks new laptop\AppData\Local\Temp\wvfo.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4894da50.qua'.
    C:\Users\Zacks new laptop\AppData\Local\Temp\obdk.exe
    [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '503df5eb.qua'.
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNLE2DHU\zpwrlte[1].htm
    [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
    [NOTE] The file was moved to the quarantine directory under the name '024daf11.qua'.
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNLE2DHU\lltaitbvdo[1].htm
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '6465e0d7.qua'.
    C:\Users\Zacks new laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZHYPU5C\gkemxszusa[2].htm
    [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '21d0cde8.qua'.


    End of the scan: Saturday, October 16, 2010 21:41
    Used time: 59:54 Minute(s)

    The scan has been done completely.

    29412 Scanned directories
    691839 Files were scanned
    7 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    5 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    691832 Files not concerned
    3161 Archives were scanned
    0 Warnings
    5 Notes
    567118 Objects were scanned with rootkit scan
    1 Hidden objects were found

    But I am still getting warnings every 10-20 seconds from Avira, and I'm pressing 'remove' on the virus (which is in my AppData files... and ends with maindll.dll).

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:00:15 PM, on 10/16/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\Zacks new laptop\AppData\Roaming\Owvoc\gynu.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Users\ZACKSN~1\AppData\Local\Temp\exe.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Zacks new laptop\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Shareaza\Shareaza.exe
    C:\Program Files (x86)\Shareaza\MediaLibraryBuilder.exe
    C:\Program Files (x86)\Shareaza\MediaImageServices.exe
    C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe
    C:\Users\Zacks new laptop\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Zacks new laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [{763D1AD7-73BF-2C91-6E2F-E7E2C6884060}] "C:\Users\Zacks new laptop\AppData\Roaming\Owvoc\gynu.exe"
    O4 - HKCU\..\Run: [exe.exe] C:\Users\ZACKSN~1\AppData\Local\Temp\exe.exe
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11312 bytes

    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Zacks new laptop at 22:04:07.56 on Sat 10/16/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1779 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\explorer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Users\Zacks new laptop\AppData\Roaming\Owvoc\gynu.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Users\ZACKSN~1\AppData\Local\Temp\exe.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Zacks new laptop\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Shareaza\Shareaza.exe
    C:\Program Files (x86)\Shareaza\MediaLibraryBuilder.exe
    C:\Program Files (x86)\Shareaza\WindowsThumbnail.exe
    C:\Users\Zacks new laptop\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Zacks new laptop\Downloads\dds.com
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://mail.google.com/mail/?shva=1#inbox
    mLocal Page = c:\windows\syswow64\blank.htm
    mWinlogon: Userinit=userinit.exe
    uWinlogon: Shell=c:\users\zacks new laptop\appdata\roaming\hotfix.exe
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files (x86)\shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "c:\users\zacks new laptop\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [{763D1AD7-73BF-2C91-6E2F-E7E2C6884060}] "c:\users\zacks new laptop\appdata\roaming\owvoc\gynu.exe"
    uRun: [exe.exe] c:\users\zacksn~1\appdata\local\temp\exe.exe
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] c:\program files (x86)\hewlett-packard\hp quick launch\HPMSGSVC.exe
    mRun: [Norton Online Backup] c:\program files (x86)\symantec\norton online backup\NOBuClient.exe
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
    mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
    StartupFolder: c:\users\zacksn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download with &Shareaza - c:\program files (x86)\shareaza\RazaWebHook32.dll/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\zacksn~1\appdata\roaming\mozilla\firefox\profiles\8tsdmffk.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=en&shva=1#inbox
    FF - component: c:\program files (x86)\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\default\appdata\local\huludesktop\instances\0.9.13.1\nphdplg.dll
    FF - plugin: c:\users\zacks new laptop\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\zacks new laptop\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\zacks new laptop\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AESTSr64.exe [2010-9-19 89600]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-10-11 135336]
    R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\hewlett-packard\shared\HPDrvMntSvc.exe [2010-7-23 92216]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe --> c:\windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;c:\program files (x86)\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-6-29 27192]
    R2 NOBU;Norton Online Backup;c:\program files (x86)\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 2291568]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys --> c:\windows\system32\drivers\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys --> c:\windows\system32\drivers\atikmpag.sys [?]
    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\atihdmi.sys --> c:\windows\system32\drivers\AtiHdmi.sys [?]
    R3 clwvd;HP Webcam Splitter;c:\windows\system32\drivers\clwvd.sys --> c:\windows\system32\drivers\clwvd.sys [?]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys --> c:\windows\system32\drivers\usbfilter.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-10-11 136176]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys --> c:\windows\system32\drivers\netw5v64.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rtsustor.sys --> c:\windows\system32\drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\rt64win7.sys --> c:\windows\system32\drivers\Rt64win7.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\vstazl6.sys --> c:\windows\system32\drivers\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\vstdpv6.sys --> c:\windows\system32\drivers\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\vstcnxt6.sys --> c:\windows\system32\drivers\VSTCNXT6.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys --> c:\windows\system32\drivers\yk62x64.sys [?]

    =============== Created Last 30 ================

    2010-10-16 20:38 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\Avira
    2010-10-16 20:25 594,432 a------- c:\users\zacksn~1\appdata\roaming\hotfix.exe
    2010-10-16 20:25 199 a------- c:\users\zacksn~1\appdata\roaming\21971.bat
    2010-10-16 20:25 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\Owvoc
    2010-10-16 20:25 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\Nuama
    2010-10-16 01:11 <DIR> --d----- c:\programdata\Recovery
    2010-10-16 01:11 <DIR> --d----- c:\progra~3\Recovery
    2010-10-15 13:59 <DIR> --d----- C:\PSFONTS
    2010-10-15 13:59 <DIR> --d----- c:\program files (x86)\Finale PrintMusic 2009
    2010-10-12 21:55 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\OpenOffice.org
    2010-10-12 18:03 56 a---h--- c:\programdata\ezsidmv.dat
    2010-10-12 18:03 56 a---h--- c:\progra~3\ezsidmv.dat
    2010-10-12 18:01 <DIR> --d--r-- c:\program files (x86)\Skype
    2010-10-12 10:52 <DIR> --d----- c:\program files (x86)\JRE
    2010-10-12 10:52 <DIR> --d----- c:\program files (x86)\OpenOffice.org 3
    2010-10-12 08:34 <DIR> --d----- c:\windows\system32\Wat
    2010-10-12 00:05 <DIR> --d----- c:\program files (x86)\GIMP-2.0
    2010-10-11 16:35 <DIR> --d----- c:\program files (x86)\GRETECH
    2010-10-11 15:38 <DIR> --d----- c:\program files (x86)\common files\xing shared
    2010-10-11 15:37 <DIR> --d----- c:\program files (x86)\common files\Real
    2010-10-11 15:37 <DIR> --d----- c:\programdata\Real
    2010-10-11 13:16 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\Shareaza
    2010-10-11 13:16 <DIR> --d----- c:\program files (x86)\Shareaza
    2010-10-11 12:44 <DIR> --d----- c:\programdata\Avira
    2010-10-11 12:44 <DIR> --d----- c:\program files (x86)\Avira
    2010-10-11 12:44 <DIR> --d----- c:\progra~3\Avira
    2010-10-11 12:41 <DIR> --d----- c:\program files (x86)\MSXML 4.0
    2010-10-11 12:41 1,130,824 a------- c:\windows\system32\dfshim.dll
    2010-10-11 12:41 297,808 a------- c:\windows\system32\mscoree.dll
    2010-10-11 12:41 295,264 a------- c:\windows\system32\PresentationHost.exe
    2010-10-11 12:41 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
    2010-10-11 12:41 49,472 a------- c:\windows\system32\netfxperf.dll
    2010-10-11 12:39 1,289,528 a------- c:\windows\system32\ntdll.dll
    2010-10-11 12:39 571,904 a------- c:\windows\system32\oleaut32.dll
    2010-10-11 12:39 641,536 a------- c:\windows\system32\CPFilters.dll
    2010-10-11 12:39 204,288 a------- c:\windows\system32\MSNP.ax
    2010-10-11 12:39 199,680 a------- c:\windows\system32\mpg2splt.ax
    2010-10-11 12:37 2,048 a------- c:\windows\system32\tzres.dll
    2010-10-11 12:37 82,944 a------- c:\windows\system32\iccvid.dll
    2010-10-11 12:37 3,955,080 a------- c:\windows\system32\ntkrnlpa.exe
    2010-10-11 12:37 3,899,784 a------- c:\windows\system32\ntoskrnl.exe
    2010-10-11 12:37 740,864 a------- c:\windows\system32\inetcomm.dll
    2010-10-11 12:37 37,376 a------- c:\windows\system32\rtutils.dll
    2010-10-11 12:36 1,233,920 a------- c:\windows\system32\msxml3.dll
    2010-10-11 10:56 <DIR> --d----- c:\users\zacksn~1\appdata\roaming\hpqLog
    2010-10-11 10:47 <DIR> --d----- c:\users\Zacks new laptop
    2010-09-19 01:57 465,408 a------- c:\windows\system32\psisdecd.dll
    2010-09-19 01:56 48,265 a------- c:\windows\HomePremium.xml
    2010-09-19 01:55 <DIR> --d----- c:\windows\ehome
    2010-09-19 01:48 <DIR> --d----- c:\programdata\ATI
    2010-09-19 01:32 <DIR> --d----- c:\program files (x86)\HP Games
    2010-09-19 01:32 <DIR> --d----- c:\programdata\WildTangent
    2010-09-19 01:32 <DIR> --d----- c:\progra~3\WildTangent
    2010-09-19 01:31 30 a------- c:\windows\system32\APP_LOG
    2010-09-19 01:30 <DIR> --d----- c:\programdata\Norton
    2010-09-19 01:30 <DIR> --d----- c:\progra~3\Norton
    2010-09-19 01:29 <DIR> --d----- c:\programdata\NortonInstaller
    2010-09-19 01:29 <DIR> --d----- c:\program files (x86)\NortonInstaller
    2010-09-19 01:29 <DIR> --d----- c:\progra~3\NortonInstaller
    2010-09-19 01:29 <DIR> --d----- c:\programdata\Uninstall
    2010-09-19 01:29 <DIR> --d----- c:\progra~3\Uninstall
    2010-09-19 01:29 <DIR> --d----- c:\programdata\CinemaNow
    2010-09-19 01:29 <DIR> --d----- c:\progra~3\CinemaNow
    2010-09-19 01:29 <DIR> --d----- c:\program files (x86)\CinemaNow
    2010-09-19 01:29 <DIR> --d----- c:\program files (x86)\Microsoft WSE
    2010-09-19 01:28 <DIR> --d----- c:\programdata\Sonic
    2010-09-19 01:28 <DIR> --d----- c:\programdata\Macrovision
    2010-09-19 01:25 <DIR> --d----- c:\program files (x86)\Times Reader
    2010-09-19 01:10 0 a------- c:\windows\ativpsrm.bin
    2010-09-19 01:09 <DIR> --d----- c:\windows\Hewlett-Packard
    2010-09-19 01:08 <DIR> --d----- c:\windows\Driver Cache
    2010-09-19 01:08 <DIR> --d----- c:\program files (x86)\HP
    2010-09-19 01:08 <DIR> --d----- c:\program files (x86)\Cisco
    2010-09-19 01:08 <DIR> --d----- c:\program files (x86)\Atheros
    2010-09-19 01:07 <DIR> --d----- c:\programdata\Atheros
    2010-09-19 01:07 <DIR> --d----- c:\progra~3\Atheros
    2010-09-19 01:06 487,424 a------- c:\windows\sttray64.exe
    2010-09-19 01:05 8,038,944 a------- c:\windows\system32\RtsUStoricon.dll
    2010-09-19 01:05 <DIR> --d----- c:\program files (x86)\Realtek
    2010-09-19 01:05 <DIR> --d----- c:\program files (x86)\AMD
    2010-09-19 01:03 <DIR> --d----- c:\program files (x86)\ATI Technologies
    2010-09-19 01:02 299 a------- c:\windows\system32\RStoneLog2.ini
    2010-09-19 01:02 240 a------- c:\windows\system32\RStoneLog.ini
    2010-09-19 01:02 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF037BZB3_EPO7_4A_I143F_SHP_V67.22_F.13_T100806_WU3-0_L409_M3835_J500_7AMD_8F63_92.10_#100919_N10EC8168;168C002B_(XG890UA#ABA)_XMOBILE_CN10_Z.MRK

    ==================== Find3M ====================

    2010-10-11 15:37 499,712 a------- c:\windows\system32\msvcp71.dll
    2010-10-11 15:37 348,160 a------- c:\windows\system32\msvcr71.dll
    2010-09-07 21:30 978,432 a------- c:\windows\system32\wininet.dll
    2010-09-07 21:28 44,544 a------- c:\windows\system32\licmgr10.dll
    2010-09-02 23:39 411,368 a------- c:\windows\system32\deployJava1.dll
    2010-09-02 22:02 1,686,016 a------- c:\windows\system32\esent.dll
    2010-09-02 22:01 427,520 a------- c:\windows\system32\vbscript.dll
    2010-09-02 22:01 96,768 a------- c:\windows\system32\sspicli.dll
    2010-09-02 22:01 22,016 a------- c:\windows\system32\secur32.dll
    2010-09-02 22:00 293,888 a------- c:\windows\system32\atmfd.dll
    2010-09-02 22:00 34,304 a------- c:\windows\system32\atmlib.dll
    2010-09-02 21:59 67,584 a------- c:\windows\system32\asycfilt.dll
    2010-09-02 21:59 132,608 a------- c:\windows\system32\cabview.dll
    2010-09-02 21:57 2,870,272 a------- c:\windows\explorer.exe
    2010-09-02 21:57 2,614,272 a------- c:\windows\system32\explorer.exe
    2010-09-02 21:55 668,160 a------- c:\windows\system32\autochk.exe
    2010-09-02 21:55 1,328,640 a------- c:\windows\system32\quartz.dll
    2010-09-02 21:55 91,648 a------- c:\windows\system32\avifil32.dll
    2010-09-02 21:55 84,480 a------- c:\windows\system32\mciavi32.dll
    2010-09-02 21:55 50,176 a------- c:\windows\system32\iyuv_32.dll
    2010-09-02 21:55 31,744 a------- c:\windows\system32\msvidc32.dll
    2010-09-02 21:55 22,016 a------- c:\windows\system32\msyuv.dll
    2010-09-02 21:55 13,312 a------- c:\windows\system32\msrle32.dll
    2010-09-02 21:55 12,288 a------- c:\windows\system32\tsbyuv.dll
    2010-09-02 21:55 257,024 a------- c:\windows\system32\msv1_0.dll
    2010-09-02 21:54 34,816 a------- c:\windows\system32\msasn1.dll
    2010-09-02 21:54 1,320,960 a------- c:\windows\system32\CertEnroll.dll
    2010-09-02 21:53 70,656 a------- c:\windows\system32\fontsub.dll
    2010-09-02 21:53 220,672 a------- c:\windows\system32\mcbuilder.exe
    2010-08-31 21:23 12,625,408 a------- c:\windows\system32\wmploc.DLL
    2010-08-30 21:32 954,752 a------- c:\windows\system32\mfc40.dll
    2010-08-30 21:32 954,288 a------- c:\windows\system32\mfc40u.dll
    2010-08-26 22:46 9,728 a------- c:\windows\system32\sscore.dll
    2010-08-25 21:39 109,056 a------- c:\windows\system32\t2embed.dll
    2010-08-20 22:36 738,816 a------- c:\windows\system32\wmpmde.dll
    2010-08-20 22:36 224,256 a------- c:\windows\system32\schannel.dll
    2010-08-20 22:33 530,432 a------- c:\windows\system32\comctl32.dll
    2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-13 22:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-13 22:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-13 21:54 174 a--sh--- c:\program files (x86)\desktop.ini
    2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-13 18:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-13 18:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 13:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
    2009-07-13 18:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-13 18:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 22:04:45.03 ===============
    My ark.txt file is empty!
    Somewhere it said nothing found...

    Thanks very much for your help!

  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi

    Please run the following:


    • Download OTL and save it to your desktop.
    • Double click on the OTL icon to run it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Under the Extra Registry section, check Use SafeList
    • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
    • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
     
  3. wildzac

    wildzac Thread Starter

    Joined:
    Oct 17, 2010
    Messages:
    2
    Thanks, CatByte, but I solved the problem myself using Malwarebyte's Antimalware program (a free download).
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    OK, thanks for letting me know
Short URL to this thread: https://techguy.org/956681