IObit Forum

Hijack This Log



I need help with the below HijackScan. Actually, I'm not sure if I have a problem or not, as I haven't noticed any change in performance or speed, but as periodic maintenance I ran the hijack log in IObit 360 and had it analyzed online. I had 6 or 7 items that I needed to correct, which I did; I applied the changes and did a refresh, then ran another scan and had it analyzed again. Two of the items that the analyzer identified as "nasty", and which I corrected, continue to reappear after they have been corrected. Here are the two items in question:

 

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

 

What I have done to try to correct:

Ran all my virus, adware and malware programs, and also ran the Microsoft Windows Malicious Software Removal Tool through Revo Uninstaller, with no luck on any of them. I even uninstalled Ad-Aware and Malwarebytes and reinstalled them in case they were corrupted.

I do think that prior to my running the above programs my automatic system updates may have been disabled, because after running them I received the notification that a new service pack was available for download, along with 3 other updates, which I was able to download and install successfully. That is about as far as I trust myself to go with the problem without any help. Thanking you in advance for any help or direction you can give me.

 

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 5:36:58, on 2011-4-3

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SwCtl.SwCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater (Application Updater) - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Kodak AiO Network Discovery Service (Kodak AiO Network Discovery Service) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

O23 - Service: XAudioService (XAudioService) - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

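An added check, as example code that is not part of the thread or of IObit's tooling: in the log above, every O23 entry marked Unknown has either no path or a path written with an environment variable (%windir%, %systemroot%, %PROGRAMFILES%), while every entry with a literal C:\ path carries a publisher, so the label reflects what the scanner could not resolve rather than a verdict on the file. The PowerShell below resolves the two flagged services through their registry entries (the standard HKLM\SYSTEM\CurrentControlSet\Services layout) and signature-checks both the host executable and the ServiceDll behind it.

```powershell
# Added example; not from the thread, from IObit, or from Dave's fix.
# The HijackScan prints a service's raw ImagePath, so "%windir%" is never
# expanded and the file behind it is never checked, and for a service hosted
# in svchost.exe the binary is Windows' generic host: the code that runs is
# the DLL named under Parameters\ServiceDll. This resolves both for the two
# entries the poster asks about and signature-checks every file involved.
# Run from an elevated PowerShell prompt.

$ServiceNames = @('QWAVE', 'seclogon')   # short names taken from the O23 lines

function Get-ExecutablePath {
    # Pull the executable out of a service command line: a quoted path comes
    # first; otherwise take everything up to and including ".exe" so that
    # svchost's "-k <group>" argument is dropped.
    param([string]$CommandLine)
    if ($CommandLine -match '^"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^(.+?\.exe)') { return $Matches[1] }
    return $CommandLine
}

function Get-FileTrust {
    # One row per file: does it exist, and who signed it? Windows system
    # files are usually catalog-signed; if Status reads NotSigned on an
    # older PowerShell, confirm with Sysinternals sigcheck before acting.
    param([string]$Service, [string]$Role, [string]$Path)
    $exists = Test-Path -LiteralPath $Path
    $status = 'file missing'
    $signer = ''
    if ($exists) {
        $sig    = Get-AuthenticodeSignature -FilePath $Path
        $status = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    New-Object PSObject -Property @{
        Service = $Service
        Role    = $Role
        File    = $Path
        Exists  = $exists
        Status  = $status
        Signer  = $signer
    }
}

function Get-ServiceBinaryInfo {
    param([Parameter(Mandatory=$true)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { throw "Service '$Name' is not registered" }

    # Get-ItemProperty already expands REG_EXPAND_SZ values; the explicit
    # expansion below also covers a REG_SZ written with a literal %windir%.
    $imagePath = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
    $hostExe   = [Environment]::ExpandEnvironmentVariables((Get-ExecutablePath $imagePath))
    Get-FileTrust -Service $Name -Role 'ImagePath' -Path $hostExe

    # svchost-hosted services keep their real code in ServiceDll.
    $dll = (Get-ItemProperty -Path "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
        Get-FileTrust -Service $Name -Role 'ServiceDll' -Path $dllPath
    }
}

$ServiceNames | ForEach-Object { Get-ServiceBinaryInfo -Name $_ } |
    Format-Table Service, Role, Exists, Status, Signer, File -AutoSize
```

On a clean install both services resolve to Windows components under System32; what would warrant attention is a path that resolves somewhere else or a file whose signature is missing or invalid.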

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

*****************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

****************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

 

* XP users Double click on dds to run it.

* If your antivirus or firewall tries to block DDS, please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log, by copying and pasting it into the reply.

Link to comment
Share on other sites


SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 04/06/2011 at 02:27 PM

 

Application Version : 4.50.1002

 

Core Rules Database Version : 6766

Trace Rules Database Version: 4578

 

Scan type : Complete Scan

Total Scan Time : 00:54:44

 

Memory items scanned : 753

Memory threats detected : 0

Registry items scanned : 8447

Registry threats detected : 0

File items scanned : 103430

File threats detected : 247

 

Adware.Tracking Cookie


a.ads2.msads.net [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

b.ads2.msads.net [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

ia.media-imdb.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

media.ign.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

media.mtvnservices.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

media1.break.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

msnbcmedia.msn.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

s0.2mdn.net [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

secure-us.imrworldwide.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

serving-sys.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6KXNT4PU ]

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@2o7[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ad.wsod[2].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ad.yieldmanager[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ads.bleepingcomputer[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ads.ookla[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ar.atwola[2].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@ar.atwola[3].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@at.atwola[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@atwola[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@collective-media[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@content.yieldmanager[2].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@invitemedia[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@media6degrees[2].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@microsoftsto.112.2o7[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@mm.chitika[1].txt

C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Cookies\Low\brett@tacoda.at.atwola[2].txt

Link to comment
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6289

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

4/6/2011 3:10:18 PM

mbam-log-2011-04-06 (15-10-18).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 270483

Time elapsed: 25 minute(s), 1 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/3/2010 9:43:59 PM

System Uptime: 4/6/2011 2:33:42 PM (1 hours ago)

.

Motherboard: ELITEGROUP | | MCP61PM-AM

Processor: AMD Athlon 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 439.665 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (FAT32) - 931 GiB total, 216.559 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}

Description: Texas Instruments 1394 OHCI Compliant Host Controller

Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_80241019&REV_00\4&9418CF&0&4820

Manufacturer: Texas Instruments

Name: Texas Instruments 1394 OHCI Compliant Host Controller

PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_80241019&REV_00\4&9418CF&0&4820

Service: 1394ohci

.

==== System Restore Points ===================

.

RP187: 4/3/2011 4:08:19 AM - Windows 7 Service Pack 1

RP188: 4/3/2011 4:29:23 AM - Windows Update

RP189: 4/3/2011 4:57:35 AM - Windows Update

RP191: 4/6/2011 1:07:39 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware

RP192: 4/6/2011 1:09:04 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Adobe Shockwave Player 11.5

Advanced SystemCare 3

aiofw

aioprnt

aioscnnr

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

CameraHelperMsi

center

Coupon Printer for Windows

D3DX10

erLT

ExtractNow

Foxit Reader

Google Chrome

Google Update Helper

IObit Security 360

IObit Toolbar v4.1

iTunes

Junk Mail filter update

K-Lite Mega Codec Pack 6.6.6

KODAK AiO Home Center

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magical Jelly Bean KeyFinder

Malwarebytes' Anti-Malware

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Mozilla Firefox (3.6.16)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Display Control Panel

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PeerBlock 1.1 (r518)

PreReq

PVSonyDll

QuickTime

Revo Uninstaller 1.91

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Soft Data Fax Modem with SmartCP

SUPERAntiSpyware

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2508979)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ 9.0 CRT (x86) WinSXS MSM

Visual C++ 9.0 OpenMP (x86) WinSXS MSM

VLC media player 1.1.5

WinAVI Video Converter

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

WinUtilities 9.98 Free Edition

.

==== Event Viewer Messages From Past Week ========

.

4/6/2011 2:33:50 PM, Error: volmgr [46] - Crash dump initialization failed!

4/3/2011 5:11:26 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2011 5:04:14 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2011 5:02:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2011 5:02:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/3/2011 5:02:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/3/2011 5:02:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/3/2011 5:02:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/3/2011 5:02:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

4/3/2011 5:02:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

4/3/2011 5:02:12 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/3/2011 4:43:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/3/2011 4:08:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 (KB976932).

4/3/2011 1:59:52 AM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.

4/3/2011 1:58:04 AM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Brett at 15:16:34.49 on Wed 04/06/2011

Internet Explorer: 9.0.8112.16421

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3454.1999 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Brett\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} -

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - IObit Toolbar

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

TB: {bb72e465-86f9-4b7b-a117-966e6ac03795} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File

uRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brett\appdata\roaming\mozilla\firefox\profiles\qazn09h9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - component: c:\users\brett\appdata\roaming\mozilla\firefox\profiles\qazn09h9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-3 64512]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl9580f69c;MpKsl9580f69c;c:\programdata\microsoft\microsoft antimalware\definition updates\{61d2b181-0fa4-4416-8225-832eea6940bd}\MpKsl9580f69c.sys [2011-4-6 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-11-18 386560]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-3 312152]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1405384]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-8 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-2 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-3 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-4 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-04-06 19:43:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-06 19:43:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 19:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-06 19:34:17 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{61d2b181-0fa4-4416-8225-832eea6940bd}\MpKsl9580f69c.sys

2011-04-06 18:29:14 -------- d-----w- c:\users\brett\appdata\roaming\SUPERAntiSpyware.com

2011-04-06 18:29:14 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-04-06 18:29:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-06 18:12:33 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{61d2b181-0fa4-4416-8225-832eea6940bd}\mpengine.dll

2011-04-05 22:20:57 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{bd10a0d2-8bc6-4eed-9575-f52f68d7d3f7}\gapaengine.dll

2011-04-03 09:30:29 -------- d-----w- c:\windows\system32\SPReview

2011-04-03 09:27:59 82944 ----a-w- c:\windows\system32\thumbcache.dll

2011-04-03 09:26:54 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-04-03 09:26:54 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-04-03 09:26:54 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2011-04-03 09:26:54 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-04-03 09:26:45 697344 ----a-w- c:\windows\system32\SmiEngine.dll

2011-04-03 09:26:38 209920 ----a-w- c:\windows\system32\PkgMgr.exe

2011-04-03 09:26:38 189952 ----a-w- c:\windows\system32\wdscore.dll

2011-04-03 09:26:14 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-04-03 09:26:14 257024 ----a-w- c:\windows\system32\dpx.dll

2011-04-03 09:07:35 -------- d-----w- c:\windows\system32\EventProviders

2011-04-03 07:18:13 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-04-03 06:59:51 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-04-03 06:57:27 -------- dc-h--w- c:\progra~2\{6A395471-4AA3-4072-AE1B-9B69A97AD164}

2011-04-03 06:57:08 -------- d-----w- c:\program files\Lavasoft

2011-04-03 05:45:58 219136 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-04-03 05:45:58 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-03 05:27:01 -------- d-----w- c:\progra~2\FreeApp

2011-04-03 05:26:23 -------- d-----w- c:\program files\Application Updater

2011-04-03 05:26:12 -------- d-----w- c:\progra~2\IObit

2011-03-25 16:23:36 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2011-03-19 16:16:14 -------- d-----w- c:\program files\iTunes

2011-03-19 16:16:14 -------- d-----w- c:\program files\iPod

2011-03-09 07:04:04 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 07:04:04 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 07:04:04 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 07:04:00 850944 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 07:04:00 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 07:04:00 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 07:03:59 199680 ----a-w- c:\windows\system32\mpg2splt.ax

.

==================== Find3M ====================

.

2011-04-03 09:33:44 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-01-07 07:46:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 07:46:34 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 15:22:04.79 ===============


P2P - I see you have P2P software installed on your machine (µTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

******************************************

The logs show that you're running more than one AV program: Lavasoft Ad-Watch Live! Anti-Virus and Microsoft Security Essentials. This is a no-no. One will have to go. I mean disabled or uninstalled. You can only have one active AV.

 

Please uninstall C:\Program Files\Application Updater. It is malware.

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log and a new HijackThis log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


logs requested and new hijack scan

 

Thanks for the info on µTorrent. Is it any safer if all downloads go to an external drive? Also, I was unaware that Ad-Aware was an AV. Is Microsoft Security Essentials an all-encompassing program, or should I run IObit Security 360 along with it? I also usually have Advanced SystemCare 3 Pro running at startup; is that too much overkill? I have a home network system which connects laptops and my Xbox to my TV, and my computer runs 24/7 and is always connected to the internet. It's hard sometimes, with everything out there, to come out of the other end of the abundance of products and information and make the right choices.

 

Results of screen317's Security Check version 0.99.10

Windows 7 Service Pack 1 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Microsoft Security Essentials

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.2.152.32

Adobe Reader X (10.0.1)

Mozilla Firefox (3.6.16) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

 

 

 

 

ComboFix 11-04-06.03 - Brett 04/07/2011 9:57.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3454.2437 [GMT -5:00]

Running from: c:\users\Brett\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

I:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))

.

.

2011-04-07 15:01 . 2011-04-07 15:01 -------- d-----w- c:\users\Mcx1-BRETT-PC.Brett-PC\AppData\Local\temp

2011-04-07 15:01 . 2011-04-07 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-07 14:49 . 2011-04-07 14:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA204EDF-A6FF-4781-92AF-BAF0CA9D2549}\MpKsl048e07bc.sys

2011-04-07 14:49 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA204EDF-A6FF-4781-92AF-BAF0CA9D2549}\mpengine.dll

2011-04-06 19:43 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-06 19:43 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-06 19:43 . 2011-04-06 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-06 18:29 . 2011-04-06 18:29 -------- d-----w- c:\users\Brett\AppData\Roaming\SUPERAntiSpyware.com

2011-04-06 18:29 . 2011-04-06 18:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-04-06 18:29 . 2011-04-06 18:29 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-04-05 22:20 . 2011-01-29 01:44 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD10A0D2-8BC6-4EED-9575-F52F68D7D3F7}\gapaengine.dll

2011-04-03 09:30 . 2011-04-03 09:30 -------- d-----w- c:\windows\system32\SPReview

2011-04-03 09:27 . 2010-11-20 12:30 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys

2011-04-03 09:26 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-04-03 09:26 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-04-03 09:26 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2011-04-03 09:26 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-04-03 09:26 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll

2011-04-03 09:26 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll

2011-04-03 09:26 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe

2011-04-03 09:26 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll

2011-04-03 09:26 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll

2011-04-03 09:07 . 2011-04-03 09:07 -------- d-----w- c:\windows\system32\EventProviders

2011-04-03 05:45 . 2011-04-03 05:45 219136 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-04-03 05:45 . 2011-04-03 05:45 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-03 05:27 . 2011-04-03 05:27 -------- d-----w- c:\programdata\FreeApp

2011-04-03 05:26 . 2011-04-03 05:26 -------- d-----w- c:\programdata\IObit

2011-03-25 16:23 . 2011-01-29 01:44 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-03-19 16:16 . 2011-03-19 16:16 -------- d-----w- c:\program files\iTunes

2011-03-19 16:16 . 2011-03-19 16:16 -------- d-----w- c:\program files\iPod

2011-03-09 07:04 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 07:04 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 07:04 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 07:04 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 07:04 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 07:04 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 07:03 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-03 09:33 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-03-15 04:05 . 2010-12-05 09:35 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-10 15:05 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-03 05:54 . 2011-02-08 21:21 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-01-13 09:41 . 2011-01-28 01:36 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 MpKsl048e07bc;MpKsl048e07bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA204EDF-A6FF-4781-92AF-BAF0CA9D2549}\MpKsl048e07bc.sys [2011-04-07 28752]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL048E07BC

.

Contents of the 'Scheduled Tasks' folder

.

2011-04-07 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-12-07 19:11]

.

2011-04-07 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-07 15:38]

.

2011-04-07 c:\windows\Tasks\AWC Update.job

- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-12-07 20:24]

.

2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 13:29]

.

2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 13:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\qazn09h9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bb72e465-86f9-4b7b-a117-966e6ac03795} - (no file)

URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)

Toolbar-{bb72e465-86f9-4b7b-a117-966e6ac03795} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{BB72E465-86F9-4B7B-A117-966E6AC03795} - (no file)

WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-04-07 10:02:22

ComboFix-quarantined-files.txt 2011-04-07 15:02

.

Pre-Run: 471,918,006,272 bytes free

Post-Run: 471,474,327,552 bytes free

.

- - End Of File - - B837B409C8E8C9489DF3DEC5D11BDDB4

 

 

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 10:13:36, on 2011-4-7

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\explorer.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}SwCtl.SwCtl.11 - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater (Application Updater) - Unknown - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -

O23 - Service: Diagnostic Policy Service (DPS) - Unknown -

O23 - Service: Group Policy Client (gpsvc) - Unknown -

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Kodak AiO Network Discovery Service (Kodak AiO Network Discovery Service) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -

O23 - Service: Security Accounts Manager (SamSs) - Unknown -

O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe

O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -

O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -

O23 - Service: Block Level Backup Engine Service (wbengine) - Unknown - %systemroot%\system32\wbengine.exe

O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -

O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe

O23 - Service: XAudioService (XAudioService) - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Sorry. I forgot to add this to answer your questions.

 

is it any safer if all downloads go to an external drive

A bit safer, but at some point you may want to work with those files on your C drive and you could become infected.

 

also I was unaware that Ad-Aware was an AV. Is Microsoft Security Essentials an all-encompassing program, or should I run IObit Security 360 along with it? I also usually have Advanced SystemCare 3 Pro running at startup; is that too much overkill?

The log does state: Lavasoft Ad-Watch Live! Anti-Virus. In that case, it would be an AV program. Microsoft Security Essentials is a good AV program and is somewhere around 98% efficient. You can run more than one malware program. I have about three on my computer which are active.


SysProt Scan

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: C:\Windows\system32\DRIVERS\WinUsb.sys

Service Name: WinUsb

Module Base: 8DB59000

Module End: 8DB62000

Hidden: Yes

 

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys

Service Name: WUDFRd

Module Base: 8DB62000

Module End: 8DB83000

Hidden: Yes

 

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: 9E6ED000

Module End: 9E6EF000

Hidden: Yes

 

Module Name: \??\C:\Users\Brett\AppData\Local\Temp\catchme.sys

Service Name: catchme

Module Base: 9E6EF000

Module End: 9E6F7000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

No SSDT Hooks found

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

Status: Access denied


How's your computer working now?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


ESETscan

 

I started this forum by saying I wasn't sure if I had a problem because I hadn't noticed any performance changes. Well, I may not have noticed them when they were gone, but I'm definitely aware that the performance has improved. I was wondering if the programs you have asked me to download throughout this process should be deleted or kept for future use.

 

C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNHJXD3O\WECPSetup32[1].exe Win32/Toolbar.Zugo application deleted - quarantined

C:\Windows\Installer\2ce7d5.msi Win32/Adware.Toolbar.Dealio application deleted - quarantined


That looks good. Now we do some cleanup. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.

 

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

********************************************

Clean out your temporary internet files and temp files.

 

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

***********************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember: only install ONE firewall.

 

1) Comodo Personal Firewall (if you choose this one, uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at a time.

***********************************************

Use the Secunia Software Inspector to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

 

------------------------------------------------------------

EDIT: Please post a new IS360 scan log after cleaning, so we can check for false positives!


Ok, 0 detections on the IObit 360 (complete scan), so it would not allow me to create a scan file.

 

I installed the following:

 

WOT

SpywareBlaster - does this program run in the background whether it is open or not?

Spybot

 

 

I am also running Microsoft Security Essentials, IObit 360, Advanced System Care Pro and Spybot upon startup. At one time I had IObit 360 Pro; do you think the added benefits of the Pro version are worth renewing that license?

 

I want to thank you for all the help and guidance you have given on this issue; you provided a much needed service.
