Jump to content

Possible Rootkit Infection


cryofinnocence
 Share

Recommended Posts

Hi,

 

I'm concerned about a possible rootkit infection in my computer and a laptop that is connected through a router. The rootkit seems to only appear on the laptop but I was told that it can travel to other computers through the router. All computers connected through the router are working fine, but I just wanted to be on the safe side. The following are the scan logs from both Malawarebytes and HijackThis.

 

These are the logs for the laptop:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7340

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

7/31/2011 4:57:16 PM

mbam-log-2011-07-31 (16-57-16).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 529648

Time elapsed: 2 hour(s), 28 minute(s), 20 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Users\Owner\AppData\Local\Temp\~nsu.tmp\whitesmoke-silent.exe (PUP.BHO) -> Quarantined and deleted successfully.

c:\Users\Owner\AppData\Roaming\thinstall\CSDATA\1000000800002i\svchost.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

c:\Users\Owner\documents\downloads\uusee_kaba_setup_0.exe (PUP.Uusee) -> Quarantined and deleted successfully.

c:\Users\Owner\documents\downloads\whitesmokewritergeo5002_en.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

---

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:16:33 AM, on 8/1/2011

Platform: Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

C:\Program Files (x86)\Real\realplayer\Update\realsched.exe

C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\Desktop\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O3 - Toolbar: WhiteSmoke Toolbar - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: PPS.lnk = C:\Program Files (x86)\PPStream\PPStream.exe

O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nakido - Nakido - C:\Program Files (x86)\Nakido\nakido.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 15669 bytes

 

These are the logs for the desktop:

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7340

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

7/31/2011 2:15:17 PM

mbam-log-2011-07-31 (14-15-17).txt

 

Scan type: Full scan (C:\|Q:\|)

Objects scanned: 323901

Time elapsed: 33 minute(s), 24 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE_base (PUP.Uusee) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UUSEE (PUP.Uusee) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\program files (x86)\360\360Safe\360leakfixer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files (x86)\360\360Safe\leakrepair.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files (x86)\360\360Safe\ipc\patchcheck.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\uusee\uninst.exe (PUP.Uusee) -> Quarantined and deleted successfully.

c:\program files (x86)\uusee\uninstuusee.exe (PUP.Uusee) -> Quarantined and deleted successfully.

c:\Users\Jamie\AppData\Local\Temp\uuseedownload.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Jamie\documents\Setups\uusee_setup_2010.exe (PUP.Uusee) -> Quarantined and deleted successfully.

---

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:31:43 AM, on 8/1/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16800)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Users\Jamie\AppData\Local\MediaGet2\mediaget.exe

C:\Program Files (x86)\jmesoft\hotkey.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2653012

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512184658.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Veoh Web Player - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O3 - Toolbar: Veoh Web Player Toolbar - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

O4 - HKLM\..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\windows\SysWOW64\\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

O4 - HKCU\..\Run: [MediaGet2] C:\Users\Jamie\AppData\Local\MediaGet2\mediaget.exe --minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')

O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm

O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: СÓÎÏ· - {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/ (file missing)

O9 - Extra 'Tools' menuitem: СÓÎÏ· - {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/ (file missing)

O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe

O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16850 bytes

Thank you!

Link to comment
Share on other sites

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

:)

Hello there, cryofinnocence

 

:wp:

 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Link to comment
Share on other sites

Hello there,

 

1. All tools MUST be run from the executable. (.exe)

With Admin Rights (Right click, choose "Run as Administrator")

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

 

On your next reply please post :

DDS log

Checkup log

Let me know if you have any problems in performing with the steps above or any questions you may have.

 

Good Day!

Link to comment
Share on other sites

Hello Conspire,

 

Thank you for replying. The following are the requested logs for both the desktop and the laptop. Also, I am unable to locate the "attachment area" but I have the Attach.txt files for both systems. Should I post them as text?

 

Desktop DDS:

 

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Jamie at 17:11:41 on 2011-08-03

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8040.6336 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\SYSTEM32\WISPTIS.EXE

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\windows\system32\taskhost.exe

C:\windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\windows\system32\mfevtps.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Program Files (x86)\jmesoft\hotkey.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\DllHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Giraffic\Giraffic.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jamie\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512184658.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Google Update] "C:\Users\Jamie\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

uRun: [MediaGet2] C:\Users\Jamie\AppData\Local\MediaGet2\mediaget.exe --minimized

mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [NeroCheck] C:\windows\SysWOW64\\NeroCheck.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files (x86)\uusee\geturltoplay.htm

IE: ʹÓÃUUSeeÏÂÔØ - C:\Program Files (x86)\uusee\geturltodown.htm

IE: {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/

IE: {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{E2733870-A020-4914-AB54-8E128E3967CD} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

BHO-X64: NCH EN - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512184658.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

BHO-X64: Veoh Web Player - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB-X64: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeoh.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe

mRun-x64: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [NeroCheck] C:\windows\SysWOW64\\NeroCheck.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/

IE-X64: {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\uc6b2bqd.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Veoh Web Player Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=13

FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\uc6b2bqd.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\uc6b2bqd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npuuseep.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Jamie\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Jamie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 Giraffic;Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-4-26 101048]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-18 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-18 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-3-18 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-18 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-18 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-3-19 5790064]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-3-19 487280]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-8 2655768]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2011-3-17 24652]

R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\windows\system32\DRIVERS\e1c62x64.sys --> C:\windows\system32\DRIVERS\e1c62x64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

S1 EfiMon;EfiSystemMon;C:\windows\system32\Drivers\Efimon.sys --> C:\windows\system32\Drivers\Efimon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-17 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-17 136176]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\DRIVERS\LVUSBS64.sys --> C:\windows\system32\DRIVERS\LVUSBS64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys --> C:\windows\system32\DRIVERS\Rtnic64.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-03 09:19:26 -------- d-----w- C:\Users\Jamie\AppData\Local\{DE12B460-7ACD-4F3D-9FEF-AC0CC3AAD748}

2011-08-02 12:21:32 -------- d-----w- C:\Users\Jamie\AppData\Local\{1A71F8F2-7065-4B1C-A34D-600BB66E8ACA}

2011-08-01 11:19:17 -------- d-----w- C:\Users\Jamie\AppData\Local\{179D2D9E-E382-4210-8852-2098B4336676}

2011-07-31 22:58:24 -------- d-----w- C:\Users\Jamie\AppData\Local\{98F42641-4152-4CBF-BD42-FFBB11970ED9}

2011-07-31 18:18:46 177200 ----a-w- C:\windows\System32\drivers\BAPIDRV64.SYS

2011-07-31 17:31:59 -------- d-----w- C:\Users\Jamie\AppData\Roaming\Malwarebytes

2011-07-31 17:31:49 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-31 17:31:49 -------- d-----w- C:\ProgramData\Malwarebytes

2011-07-31 17:31:46 25912 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-07-31 17:31:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-07-31 10:57:59 -------- d-----w- C:\Users\Jamie\AppData\Local\{24676C78-F4FA-41BF-86FB-0A47BDB000E4}

2011-07-30 14:19:52 -------- d-----w- C:\Users\Jamie\AppData\Local\{C9197678-886E-4E4E-8940-6573480648CB}

2011-07-29 09:55:42 -------- d-----w- C:\Users\Jamie\AppData\Local\{70662EDE-901F-494B-99F4-EE625F407DC7}

2011-07-28 11:15:18 -------- d-----w- C:\Users\Jamie\AppData\Local\{32C04365-70CA-429C-8F66-D4EAC0507B03}

2011-07-27 10:42:03 -------- d-----w- C:\Users\Jamie\AppData\Local\{AAAA3F12-2B6F-461C-A3A9-C6E76BAB1A51}

2011-07-26 10:40:45 -------- d-----w- C:\Users\Jamie\AppData\Local\{E0259838-70FA-4A8D-9E06-DF4460ABE414}

2011-07-25 12:45:15 -------- d-----w- C:\Users\Jamie\AppData\Local\{957E9E2E-DBFB-4399-BFC2-2173849A4F1E}

2011-07-24 12:24:19 -------- d-----w- C:\Users\Jamie\AppData\Local\Media Get LLC

2011-07-24 12:24:18 -------- d-----w- C:\Users\Jamie\AppData\Roaming\Media Get LLC

2011-07-24 12:24:18 -------- d-----w- C:\ProgramData\Media Get LLC

2011-07-24 12:23:52 -------- d-----w- C:\Users\Jamie\AppData\Local\MediaGet2

2011-07-24 11:26:03 -------- d-----w- C:\Users\Jamie\AppData\Local\{172A9655-C33E-4F83-A3CE-BCD6D33356E2}

2011-07-23 23:25:25 -------- d-----w- C:\Users\Jamie\AppData\Local\{EEDD28D5-F0A2-425E-AE02-1FABFC68B592}

2011-07-23 11:24:31 -------- d-----w- C:\Users\Jamie\AppData\Local\{CED02728-9D49-4D7E-92CD-6D1DA2E3C7FA}

2011-07-22 10:01:39 -------- d-----w- C:\Users\Jamie\AppData\Local\{07133460-22CF-4255-BDCB-4C72819F86AB}

2011-07-21 09:52:49 -------- d-----w- C:\Users\Jamie\AppData\Local\{F15638B0-C3AE-4EF6-B46C-B2DED84FD3C0}

2011-07-20 21:49:00 -------- d-----w- C:\Users\Jamie\AppData\Local\{B4BBC57A-AA1F-4A2D-B799-504ADCA9C0E3}

2011-07-20 09:48:22 -------- d-----w- C:\Users\Jamie\AppData\Local\{02E7DA07-096E-403D-88A6-43D85B46C5C8}

2011-07-19 11:14:39 -------- d-----w- C:\Users\Jamie\AppData\Local\{5D482D64-E890-467F-8389-EA5D3B182767}

2011-07-18 10:22:23 -------- d-----w- C:\Users\Jamie\AppData\Local\{FA2995BE-84B2-43D8-A9EA-3916E374294E}

2011-07-17 11:19:34 -------- d-----w- C:\Users\Jamie\AppData\Local\{3902F038-CD60-4137-8D2E-9E24B0E4AD6B}

2011-07-16 12:45:55 -------- d-----w- C:\Users\Jamie\AppData\Local\{424C9BB8-B202-41FC-AEED-DD3A209B57FD}

2011-07-16 00:45:20 -------- d-----w- C:\Users\Jamie\AppData\Local\{E65DB1EE-848F-47CD-A56A-32967A2F7820}

2011-07-15 12:44:47 -------- d-----w- C:\Users\Jamie\AppData\Local\{54F8F89E-240A-40BE-9E3F-BDF8B6E9324B}

2011-07-14 12:43:51 -------- d-----w- C:\Users\Jamie\AppData\Local\{9192D38D-A45D-4771-95AD-5513ED8409AE}

2011-07-14 00:43:17 -------- d-----w- C:\Users\Jamie\AppData\Local\{B3EE0EC0-A1DD-4029-A260-B6F319781A9D}

2011-07-13 18:50:17 -------- d-----w- C:\Users\Jamie\AppData\Local\Apple Computer

2011-07-13 18:50:08 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2011-07-13 18:50:08 126312 ----a-w- C:\windows\System32\GEARAspi64.dll

2011-07-13 18:50:08 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll

2011-07-13 18:49:49 -------- d-----w- C:\Program Files\iPod

2011-07-13 18:49:48 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-07-13 18:49:48 -------- d-----w- C:\Program Files\iTunes

2011-07-13 18:49:48 -------- d-----w- C:\Program Files (x86)\iTunes

2011-07-13 18:49:09 -------- d-----w- C:\Program Files\Bonjour

2011-07-13 18:49:09 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-07-13 15:05:21 -------- d-----w- C:\Users\Jamie\AppData\Roaming\Unity

2011-07-13 14:57:28 -------- d-----w- C:\Users\Jamie\AppData\Local\Unity

2011-07-13 12:42:55 -------- d-----w- C:\Users\Jamie\AppData\Local\{F949B655-9A7E-4566-BB80-F4313DC6774F}

2011-07-12 12:41:58 -------- d-----w- C:\Users\Jamie\AppData\Local\{3CDAE880-78ED-452F-96FE-805F5B864155}

2011-07-11 12:40:59 -------- d-----w- C:\Users\Jamie\AppData\Local\{0EF8AFEC-E6F4-49F9-AB2B-FCD5C760D109}

2011-07-10 12:40:02 -------- d-----w- C:\Users\Jamie\AppData\Local\{74903030-59D0-4A90-BADE-81C96C99A659}

2011-07-09 12:38:44 -------- d-----w- C:\Users\Jamie\AppData\Local\{4F7546C9-7EF3-4D63-93A4-4CB15B31400E}

2011-07-08 19:56:56 -------- d-----w- C:\Program Files (x86)\FA Davis

2011-07-08 12:37:48 -------- d-----w- C:\Users\Jamie\AppData\Local\{0FC3635A-2EB9-4C94-9A9C-1F20E37458B3}

2011-07-07 12:36:38 -------- d-----w- C:\Users\Jamie\AppData\Local\{90537A09-B2B1-48E8-97D7-DAE51E4D0B5D}

2011-07-06 12:35:38 -------- d-----w- C:\Users\Jamie\AppData\Local\{75BBDB2E-9A3A-4714-8942-4B780448E9AD}

2011-07-05 12:34:40 -------- d-----w- C:\Users\Jamie\AppData\Local\{018BFC4F-03C4-4FED-8785-B2796F3F33EC}

.

==================== Find3M ====================

.

2011-06-22 01:49:32 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys

2011-06-02 06:45:22 362496 ----a-w- C:\windows\System32\wow64win.dll

2011-06-02 06:45:22 243200 ----a-w- C:\windows\System32\wow64.dll

2011-06-02 06:45:22 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2011-06-02 06:44:54 214528 ----a-w- C:\windows\System32\winsrv.dll

2011-06-02 06:42:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll

2011-06-02 06:35:56 338944 ----a-w- C:\windows\System32\conhost.exe

2011-06-02 05:59:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2011-06-02 05:56:28 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2011-06-02 05:56:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2011-06-02 05:54:51 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll

2011-06-02 03:51:00 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2011-06-02 03:50:59 2048 ----a-w- C:\windows\SysWow64\user.exe

2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-05-24 11:21:59 404992 ----a-w- C:\windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe

2011-05-10 12:06:08 51712 ----a-w- C:\windows\System32\drivers\usbaapl64.sys

2011-05-10 12:06:08 4517664 ----a-w- C:\windows\System32\usbaaplrc.dll

.

============= FINISH: 17:12:13.45 ===============

 

Desktop Checkup:

 

 

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee AntiVirus Plus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

 

Laptop DDS:

 

 

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26

Run by Owner at 17:55:40 on 2011-08-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2053 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\WTouch\WTouchService.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files\WTouch\WTouchUser.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

C:\Program Files (x86)\Real\realplayer\Update\realsched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Windows\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: SearchHook Class: {00000000-0593-4356-9cf7-1d8c2b3343c0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

mRun: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ??UUSee?? - C:\Program Files (x86)\uusee\geturltodown.htm

IE: ??UUSee???? - C:\Program Files (x86)\uusee\geturltoplay.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{5E5C62FE-47E0-4EE2-835E-9A840A23BDB9} : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{FB189FC4-76F4-4063-AE6D-0251392EFD0D} : DhcpNameServer = 192.168.1.1 192.168.1.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: SearchHook Class: {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll

TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [uUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"

mRun-x64: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader

Link to comment
Share on other sites

Hi,

 

No need for attach.txt now. :)

 

Do this for both of your computers.

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

    scanning your computer. Please be patient as this can take some time.

  • Look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Select Uninstall application on close check box and push Posted Image
Link to comment
Share on other sites

Hi again,

 

Here are the ESET scan logs:

 

Desktop:

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=cc4c818f72d5ca4285477208d77ae6bf

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-07 12:33:03

# local_time=2011-08-06 08:33:03 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5121 16777213 100 75 7345803 25252970 0 0

# compatibility_mode=5893 16776574 100 94 12180596 64216088 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=168692

# found=3

# cleaned=0

# scan_time=4545

C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

 

Laptop:

 

ESETSmartInstaller@High as downloader log:all ok# version=7# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.6528# api_version=3.0.2# EOSSerial=6a0fdc1c552c4540936acbea48fc857d# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-08-06 10:53:32# local_time=2011-08-06 06:53:32 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=6.0.6002 NT Service Pack 2# compatibility_mode=512 16777215 100 0 0 0 0 0# compatibility_mode=768 16777215 100 0 0 0 0 0# compatibility_mode=5892 16776573 100 56 0 149240678 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=322787# found=10# cleaned=0# scan_time=29240C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\334136ca-3062e325 a variant of Java/Exploit.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3d726d4b-32ed72d3 multiple threats (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5f583a0f-5e13f307 a variant of Java/Exploit.CVE-2009-2843.B trojan (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7a0b54eb-57dd0009 multiple threats (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\19ce4ef2-6a3f84f5 Java/TrojanDownloader.Agent.NBE trojan (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1baeccbb-5620e2bc Java/Exploit.CVE-2009-2843.B trojan (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2371d6c6-34010bb9 multiple threats (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\Documents\Downloads\CityStoryV75.rar probably a variant of Win32/Agent.EQHHXJI trojan (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\Documents\Downloads\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 IC:\Users\Owner\Documents\Downloads\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (unable to clean) 00000000000000000000000000000000 I

Link to comment
Share on other sites

Sometimes it does take longer than expected. :)

 

Your Desktop :

 

You should uninstall Yontoo as it contains adware that is use for tracking surfing habits.

 

 

-----------------------

 

 

Your Laptop :

 

Go into the Control Panel and double-click the Java Icon.

  • Under Temporary Internet Files, click the Settings... button
  • Click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked

    • Applications and Applets
    • Trace and log files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
===================================================

 

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

 

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\Owner\Documents\Downloads\CityStoryV75.rar"
"C:\Users\Owner\Documents\Downloads\MsgPlusLive-480.exe"
"C:\Users\Owner\Documents\Downloads\MsgPlusLive-484.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.

It should look like this: Posted Image

 

Double-click on fix.bat to run it.

 

Tell me what it says in your next reply. Press any key to continue.

Link to comment
Share on other sites

You're good to go.

 

You can now delete the tools we use.

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them and consider a password keeper, to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond this one more time to ensure it is resolved and close this topic.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...