0

hello,
i've had this problem for over a week now, and i tried numerous fixes (virus scan, delete temp folder, reset router and modem...) but i can't seem to fix it, help me!

so about a week ago, for some reason my internet stopped working, it's quite weird.
for every connection, it works about 3 seconds and then cuts off, so i can't even watch a youtube movie without having to change the resolution about 5 times..

my virus scan didn't find any viruses (McAfee) and i tried connecting to other networks but that didn't work. all other computers that are connected to the same network are doing just fine though.

i am seriously thinking of just re-installing windows but i'm wondering if there isn't any better solution to the problem.

i'm willing to do just about anything to solve the problem because i just made a backup of all my important documents and programs.


i also did a full scan thing using HijackThis, and this is the log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:41, on 19-11-2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\Raptr\raptr.exe
C:\PROGRA~1\Raptr\raptr_im.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111111154957.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~1\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Camera Monitor SD.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Yet Another Media Meta Manager (YammmSvc) - Mikinho - C:\Program Files\Yammm\YammmSvc.exe

--
End of file - 12648 bytes
2 Contributors, 27 Replies, 32 Views, 5 Years Discussion Span, Last Post by jholland1964

0

well GMER is still busy doing the full scan (has been working for about 50 hours now..) but here are all the other logs so far, maybe you can already do something with this.

one other thing, i can't seem to download dds by subs :\

GMER One

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-20 09:09:02
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00G8B1 rev.05.04C05
Running: gg1yuc6j.exe; Driver: C:\Users\Cas\AppData\Local\Temp\ugdoyfob.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0x8BE4D498]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x8BE4D4C2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0x8BE4D4AE]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwYieldExecution [0x8BE4D484]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                      mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                    mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8198

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22-11-2011 17:28:03
mbam-log-2011-11-22 (17-28-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 767404
Time elapsed: 10 hour(s), 37 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Cas\Desktop\unused\keygen\sony vegas  10 keygen + patch\Keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Users\Cas\Desktop\unused\keygen\vegas 9 free\Keygen2.exe (Trojan.Agent.CK) -> Not selected for removal.
c:\Windows.old\Users\Cas\downloads\portable adobe photoshop cs4 v11.0 (full)\photoshop cs4 v11.0\Data\Native\STUBEXE\@SYSTEM@\Rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Cas\downloads\portable adobe photoshop cs4 v11.0 (full)\photoshop cs4 v11.0\Data\Virtual\STUBEXE\@programfiles@\Adobe\photoshop cs4\photoshop.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Cas\downloads\propellerhead reason 4\crack\KEYGEN.EXE (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\Cas\Desktop\keygen\vegas 9 free\Keygen2.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\Windows.old\Users\remote\AppData\Local\Temp\333E.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\System32\ichssrxm.dll (Trojan.Boaxxe) -> Quarantined and deleted successfully.
c:\Windows.old\Windows\Setup\SCRIPTS\Loader.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.

0

Stop the GMER scan; it should never take 50 hours.

If you refuse to remove these two items found by MBA-M then we cannot go forward.

c:\Users\Cas\Desktop\unused\keygen\sony vegas 10 keygen + patch\Keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Users\Cas\Desktop\unused\keygen\vegas 9 free\Keygen2.exe (Trojan.Agent.CK) -> Not selected for removal.
Besides being listed as extremely dangerous, these are illegal password and/or license key generators, meaning to me anyway that you are running pirated copies of various paid programs, at least Sony Vegas 9 and 10. Both of these are paid programs, and using a keygen to generate the license key shows you are using them illegally.

This is the number one rule listed here which includes the lines listed below:

Keep It Legal

Do not ask about obtaining pirated software, nor link to it
Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming
Do not pursue any illegal activity within forum posts

This includes requesting assistance in the removal of infections contained in or likely brought in by the use of illegally obtained programs.

If you do want assistance you will uninstall each and every illegally obtained program on the computer and the keygens used to generate any and all of them. Otherwise this thread will not go further.

Edited by jholland1964: n/a

0

if i click the dds link in the post posted earlier in this thread, i just get a blank page and nothing happens, the url in the url bar shows this: about:blank

i think the MBA-M log is the second one (Malwarebytes' Anti-Malware).

and for the GMER, i should scan my C:\ drive (windows installed on this one) and everything except sections and IAT/EAT right?

0

if i click the dds link in the post posted earlier in this thread, i just get a blank page and nothing happens, the url in the url bar shows this: about:blank

i think the MBA-M log is the second one (Malwarebytes' Anti-Malware).

and for the GMER, i should scan my C:\ drive (windows installed on this one) and everything except sections and IAT/EAT right?

Just stop the GMER scan.

You must have a pop up blocker enabled on the browser. The DDS link given is a direct link for the executable which should pop up on your computer and ask you where to save it.

Here is a link to the download page itself. Turn off any pop up blockers.

http://www.bleepingcomputer.com/download/anti-virus/dds

0

i deleted the keygens.

i actually don't have any illegal versions of the softwares because the keygens didn't work. i was just too lazy to remove them :\

0

Just stop the GMER scan.

You must have a pop up blocker enabled on the browser. The DDS link given is a direct link for the executable which should pop up on your computer and ask you where to save it.

Here is a link to the download page itself. Turn off any pop up blockers.

http://www.bleepingcomputer.com/download/anti-virus/dds

i still can't download it. i tried in chrome, firefox and IE.. (all popup blockers disabled) but it doesn't work :(

0

i got DDS to work, downloaded it on my sister's laptop and then put it on a USB stick. running it now.

0

here are the two dds logfiles

dds.txt

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7600.16385
Run by Cas at 18:14:35 on 2011-11-22
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.31.1043.18.3071.1825 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yammm\YammmSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Cas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Cas\Desktop\gg1yuc6j.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111111154957.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {87775fdb-6972-41f9-ae51-8326e38cb206} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\cas\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cas\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\cas\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\cas\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{02DD543C-F7C4-4673-BBDD-4418C7ACE083} : DhcpNameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{02DD543C-F7C4-4673-BBDD-4418C7ACE083}\E4750486F6D656 : DhcpNameServer = 213.46.228.196 62.179.104.196
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
IFEO: backitup.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: connectify.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: fufaxcnt.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: installiqupdater.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: neroburnrights.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cas\appdata\roaming\mozilla\firefox\profiles\h88p3zti.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/|http://www.youtube.com/
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cas\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cas\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\cas\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cas\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-14 464176]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-14 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-2-14 165680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-2-13 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-3 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-3 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-9-3 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-14 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-14 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-14 150856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 YammmSvc;Yet Another Media Meta Manager;c:\program files\yammm\YammmSvc.exe [2010-8-3 14336]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-14 57600]
R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2011-3-7 29248]
R3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-14 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-14 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-14 338176]
R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-4-24 139368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-24 2218600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2011-3-7 29248]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-4-17 130976]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-14 87656]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-13 1343400]
S4 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2011-3-9 892992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-11-22 16:54:49	--------	d-----w-	c:\users\cas\appdata\local\Apple Computer
2011-11-22 14:46:43	--------	d-----w-	c:\users\cas\appdata\local\Adobe
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-21 18:51:57	159744	----a-w-	c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-21 18:44:27	--------	d-----w-	c:\program files\iPod
2011-11-20 19:57:31	100864	----a-w-	C:\ugdoyfob.sys
2011-11-20 08:12:47	--------	d-----w-	c:\users\cas\appdata\roaming\Malwarebytes
2011-11-20 08:12:39	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-20 08:12:36	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-20 08:12:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-14 18:23:16	--------	dc----w-	c:\programdata\{27B0A538-DF16-44D6-820D-D0B042C42C20}
2011-11-14 18:22:58	--------	d-----w-	c:\users\cas\appdata\local\PackageAware
2011-11-13 19:25:12	--------	d-----w-	c:\users\cas\appdata\roaming\SmartDraw
2011-11-13 19:23:21	--------	d-----w-	c:\program files\SmartDraw 2012
2011-11-13 16:09:50	--------	d-----w-	c:\programdata\Uniblue
2011-11-13 16:04:36	--------	d-----w-	c:\users\cas\appdata\roaming\Uniblue
2011-11-09 07:06:11	1285488	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:06:02	708608	----a-w-	c:\program files\common files\system\wab32.dll
2011-11-09 07:05:59	2339840	----a-w-	c:\windows\system32\win32k.sys
2011-11-06 13:50:21	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2011-11-06 13:50:20	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2011-11-06 11:45:08	28760	----a-w-	c:\program files\mozilla firefox\ScriptFF.dll
2011-11-05 11:40:59	19416	----a-w-	c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-11-02 15:00:51	--------	d-----w-	C:\PFiles
2011-10-26 17:42:25	--------	d-----w-	c:\users\cas\gtaivxlive
2011-10-26 06:12:58	6144	----a-w-	c:\program files\internet explorer\iecompat.dll
2011-10-25 16:47:45	14744	----a-w-	c:\users\cas\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-10-25 16:46:01	--------	d-sh--w-	c:\programdata\SecuROM
2011-10-25 16:43:45	--------	d-----w-	c:\users\cas\appdata\local\Rockstar Games
2011-10-24 13:29:02	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29:02	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
==================== Find3M  ====================
.
2011-10-25 16:43:29	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-10-23 15:45:11	134072	----a-w-	c:\windows\ColorPic Uninstaller.exe
2011-10-18 13:32:30	150856	----a-w-	c:\windows\system32\mfevtps.exe
2011-10-15 12:16:16	9608	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 12:16:16	87656	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2011-10-15 12:16:16	64880	----a-w-	c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 12:16:16	59456	----a-w-	c:\windows\system32\drivers\mfebopk.sys
2011-10-15 12:16:16	57600	----a-w-	c:\windows\system32\drivers\cfwids.sys
2011-10-15 12:16:16	464176	----a-w-	c:\windows\system32\drivers\mfehidk.sys
2011-10-15 12:16:16	338176	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2011-10-15 12:16:16	180816	----a-w-	c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 12:16:16	165680	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 12:16:16	121256	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2011-10-14 17:10:20	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 04:06:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-01 02:59:14	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-09-28 16:45:42	15453832	----a-w-	c:\windows\system32\xlive.dll
2011-09-28 16:45:42	13642888	----a-w-	c:\windows\system32\xlivefnt.dll
2011-08-30 21:05:04	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 21:05:04	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 21:05:04	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 21:05:04	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-27 04:43:07	571904	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 04:43:06	233472	----a-w-	c:\windows\system32\oleacc.dll
.
============= FINISH: 18:16:33,56 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 13-2-2011 13:02:24
System Uptime: 22-11-2011 17:59:54 (1 hours ago)
.
Motherboard: MEDIONPC |  | MS-7366
Processor: Intel(R) Core(TM)2 Quad CPU    Q8300  @ 2.50GHz | CPU 1 | 2499/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 152,457 GiB free.
D: is FIXED (FAT32) - 15 GiB total, 1,192 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
L: is FIXED (FAT32) - 931 GiB total, 719,455 GiB free.
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Flash HS-MS/SD
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-MS#SD&REV_5.42#000026022601&1#
Manufacturer: Generic 
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-MS#SD&REV_5.42#000026022601&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Flash HS-SM
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-SM&REV_5.42#000026022601&2#
Manufacturer: Generic 
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-SM&REV_5.42#000026022601&2#
Service: WUDFRd
.
Class GUID: 
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_736B1462&REV_A2\3&267A616A&0&1B
Manufacturer: 
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_736B1462&REV_A2\3&267A616A&0&1B
Service: 
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Flash HS-CF
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-CF&REV_5.42#000026022601&0#
Manufacturer: Generic 
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_FLASH_HS-CF&REV_5.42#000026022601&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP224: 19-11-2011 10:22:32 - Gepland controlepunt
RP225: 20-11-2011 19:00:28 - Windows Back-up
RP226: 21-11-2011 15:10:18 - Windows Back-up
.
==== Image File Execution Options =============
.
IFEO: backitup.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: connectify.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: fufaxcnt.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: installiqupdater.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: neroburnrights.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: neroscoutoptions.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: neroupgrade.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
IFEO: setupx.exe - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
.
==== Installed Programs ======================
.
7-Zip 4.65
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X (10.0.1) - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Alien Swarm
Apple Application Support
Apple Mobile Device Support
Apple Software Update
appMobi XDK
µTorrent
Bonjour
ColorPic
Conduit Engine
Connect
Connectify
Crimecraft: BLEEDOUT 
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dropbox
EDGE
EPSON-printersoftware
EPSON Copy Utility 3
Epson Easy Photo Print 2
Epson Event Manager
Epson FAX Utility
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
Epson Printer Software Downloader
EPSON Scan
EPSON Smart Panel
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handboek
EPSON SX610FW Series Printer Uninstall
EPSON Web-To-Page
EpsonNet Print
EpsonNet Setup
ESCX3600 Gebruikershandleiding
ESCX3600 Softwarehandleiding
Everio MediaBrowser
Fraps (remove only)
Free Audio CD Burner version 1.4.7
Free Studio version 5.0.5
Free YouTube to MP3 Converter version 3.9.35.324
Frozen Synapse
Futuremark SystemInfo
GamersFirst LIVE!
Garry's Mod
GCFScape 1.8.2
GMail Drive Shell Extension
Google Chrome
Google Talk Plugin
Grand Theft Auto IV
Hema Fotoalbum
iCloud
InstallIQ Updater
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
kuler
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee AntiVirus Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended NLD Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 2 Essentials
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA HD Audio Driver 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
Orcs Must Die!
Pando Media Booster
Photoshop Camera Raw
PIF DESIGNER2.1
Portal
Portal 2
Portal 2 Authoring Tools - Beta
PowerISO
PunkBuster Services
QuickTime
RAD Video Tools
Raptr
RollerCoaster Tycoon 3
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Shadowgrounds
Shadowgrounds Editor
Shadowgrounds: Survivor
Skype™ 5.5
SlimDX Redistributable (June 2010)
Source SDK
Source SDK Base 2006
Source SDK Base 2007
SpaceChem
Spiral Knights
StarCraft II
Steam
Suite Shared Configuration CS4
System Requirements Lab CYRI
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
Team Fortress 2
TeamSpeak 3 Client
Terraria
TRAUMA
Trine
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uninstall 1.0.0.1
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
USB PC Camera Plus
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 10.0
Video Screensaver 1.0
VLC media player 1.1.9
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xfire (remove only)
Yammm
.
==== Event Viewer Messages From Past Week ========
.
22-11-2011 18:05:31, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: account logon time restriction violation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22-11-2011 18:05:31, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
22-11-2011 18:02:36, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22-11-2011 18:01:04, Error: Service Control Manager [7000]  - The Peer Networking Grouping service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
22-11-2011 18:00:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x001904fb, 0xc15cf880, 0xc15cf460, 0x8c0a3777). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112211-53196-01.
21-11-2011 19:41:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
21-11-2011 19:39:34, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
21-11-2011 19:39:04, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
21-11-2011 19:36:06, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Service opnieuw starten) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:  An instance of the service is already running.
21-11-2011 19:35:06, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Service opnieuw starten.
21-11-2011 19:34:24, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Service opnieuw starten.
21-11-2011 15:20:31, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR10.
21-11-2011 14:57:26, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Service opnieuw starten.
21-11-2011 14:55:23, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
20-11-2011 21:01:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1005]  - Unable to produce a minidump file from the full dump file.
20-11-2011 21:01:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007f (0x00000008, 0x8df39750, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
20-11-2011 20:51:06, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TuneUp.UtilitiesSvc service.
19-11-2011 9:57:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x00000003, 0x88542030, 0x83b73ae0, 0x8663a580). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111911-16848-01.
18-11-2011 15:37:34, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Scanner service to connect.
18-11-2011 15:37:34, Error: Service Control Manager [7000]  - The McAfee Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
18-11-2011 15:37:34, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
17-11-2011 20:32:23, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
17-11-2011 20:31:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
17-11-2011 20:27:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17-11-2011 20:27:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17-11-2011 20:27:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17-11-2011 20:27:03, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17-11-2011 20:26:59, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache SCDEmu spldr Wanarpv6
17-11-2011 20:16:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x00000003, 0x868c1030, 0x83b5eae0, 0x878f5da0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111711-20170-01.
17-11-2011 0:47:00, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
16-11-2011 17:36:22, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} as /. The error: "740" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
16-11-2011 14:55:26, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} as /. The error: "740" Happened while starting this command: "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" -Embedding
15-11-2011 16:11:40, Error: Service Control Manager [7001]  - The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15-11-2011 16:11:33, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15-11-2011 16:10:29, Error: Service Control Manager [7030]  - The Peer Networking Grouping service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
15-11-2011 14:56:15, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
.
==== End Of File ===========================

Edited by cascer1: quote tag fail

0

You may have uninstalled the keygens but you did not uninstall the program, it still shows in the log
Vegas Pro 10.0

This is one program you attempted to install illegally, how many others do you have on there?

0

You may have uninstalled the keygens but you did not uninstall the program, it still shows in the log
Vegas Pro 10.0

This is one program you attempted to install illegally, how many others do you have on there?

I only tried Vegas illegally, but it didn't work so I just use the trial version. I did install the Adobe CS5 keygen but I never actually downloaded the program because my PC can't run it.

1

Anything else? Those trial versions are only temporary and good for a short time I believe, not illegal unless you illegally upgrade to the paid versions without paying for them.
How many other programs are on there that are not paid for but should have been?
Nearly every infected file found by MBA-M was on there because of the use of a keygen, possibly all of them since that is one of the easiest ways to get an infection, illegal use of what are supposed to be paid programs. Obviously those two are not the only ones on the system. There are four different PAID programs listed with infected files from the MBA-M log, with keygen related infections. All serious trojans.

sony vegas 10
vegas 9
adobe photoshop cs4 v11.0
propellerhead reason 4
Approximate value of all of the above in the U.S. is around $1000.00

I am possibly also questioning the legality of your system based on these notations in the log

c:\Windows.old\

Do you have another Windows operating system installed someplace?

At least one of the items found by MBA-M was the Boaxxe Trojan; it installs other malicious programs on your computer that disable key security features and then attempt to steal any passwords you use, such as for your banking website. Another of the real "benefits" of trying to steal paid programs...the people who write these illegal cracks get your money anyway. It just goes to them and not the legal owners of the programs you steal. So you pay one way or the other, your system gets corrupted and ruined, your personal information is stolen but what the heck, you got a $500 piece of software for free. You eventually won't be able to use it because your system is so corrupted but have fun trying.

Edited by jholland1964: n/a

0

Vegas pro: tried to use keygen, but didn't work so now using trial,
Photoshop: same
Propellerhead Reason: as far as i know i don't even have this program installed on my pc.

For the c:\ i had windows vista before but included with my system was a coupon for a cheap upgrade to windows 7. And i never really had the need to transfer all my files from the windows.old folder to the updated folders.

But i can assure you that as far as i know all software on my system is acquired completely legally.

0

I will take your word for this, however be aware, that if you have not been forthcoming with this and there are other cracked programs on there it is possible, even likely that any further fix steps will not work.

Do the following:
Go to the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14

* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with that log.

0

so here is the scanlog of the eset online scanner.

log.txt

C:\Users\Cas\Videos\hele films\Bridesmaids (2011)\Bridesmaids (2011).avi	a variant of WMA/TrojanDownloader.GetCodec.gen trojan	unable to clean
C:\Windows.old\Documents and Settings\All Users\Application Data\Documenten\Server\hlp.dat	Win32/Bamital.EK trojan	cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\40d74897-7ffd63e9	probably a variant of Java/TrojanDownloader.Agent.AB trojan	cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\30503b65-7088f619	probably a variant of Java/TrojanDownloader.Agent.AB trojan	deleted - quarantined
C:\Windows.old\Documents and Settings\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\0uvh8ypp.default\extensions\{bbccc1f4-9f1e-47f3-8499-d751fe9d08a0}\chrome.manifest	Win32/TrojanDownloader.Tracur.F trojan	cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Cas\AppData\Roaming\Mozilla\Firefox\Profiles\0uvh8ypp.default\extensions\{bbccc1f4-9f1e-47f3-8499-d751fe9d08a0}\chrome\xulcache.jar	JS/Agent.NCP trojan	deleted - quarantined
C:\Windows.old\Program Files\Jumi\jumi.exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul	Win32/Dursg.C trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                                   .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                                  .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                                 .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                                .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                               .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                              .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                             .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                            .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                           .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                          .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                         .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                        .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                       .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                      .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                     .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                    .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                   .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                  .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                 .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask                .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask               .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask              .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask             .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask            .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask           .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask          .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask         .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask        .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask       .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask      .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask     .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask    .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask   .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask  .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Program Files\QuickTime\QTTask .exe	a variant of Win32/Kryptik.HVJ trojan	cleaned by deleting - quarantined
C:\Windows.old\Windows\Installer\b9e5a4.msi	Win32/TrojanDownloader.VB.OIC trojan	deleted - quarantined
C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\799a7c9d-5228de15	multiple threats	deleted - quarantined
C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2d344264-6b2f9905	multiple threats	deleted - quarantined
C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\7a07332e-7d63945e	multiple threats	deleted - quarantined
C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\643391c8-763d61c7	multiple threats	deleted - quarantined
C:\Windows.old\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\58413909-3b7639af	multiple threats	deleted - quarantined

also, i'm running the GMER scan one more time, started it yesterday around 5pm and it's still going, it's now 3pm here. should this be happening?

and the QTTask.exe thing that keeps getting spaces under it was something i noticed when still using vista, and my virus scanner said it had been deleted, but apparently it hasn't.

0

GMER should not be taking that long. Stop it. Are you actually posting from the infected computer or are you using a different computer? When doing any type of scan nothing else should be done. Are you using the computer for other things while attempting to clean?

Edited by jholland1964: n/a

0

GMER should not be taking that long. Stop it. Are you actually posting from the infected computer or are you using a different computer? When doing any type of scan nothing else should be done. Are you using the computer for other things while attempting to clean?

i am posting the regular posts from my phone but i do copy-paste the log files.

0

Ok, just wanted to be sure. Take a look at where most of those files found by ESET were located,

C:\Windows.old\Program Files\

This says that the upgrade from Vista to Windows 7 was done without first making absolutely certain that the computer was 100% clean and free of infection and it obviously was not clean. It also is very likely that the Vista operating system itself was not fully up to date before doing the upgrade to Windows 7, that is a must also. Those are the first two steps that must always be done when doing anything major on the computer, whether installing new Windows updates and service packs or upgrading the computer to a new operating system.

Some of these infections are very old infections, discovered back at least in 2008 or 2009 and all had removal and prevention steps almost immediately released at that time, but those obviously were not used before the upgrade was done because if they had been then there would have been no infected files in that Windows.old folder. Most anti-virus and security programs today either prevent them entirely or at least scan for these and remove them. Most are rarely seen today, except in instances like this. There are also many system and program security updates that have been released in the last three years that would even protect against these getting onto the computer in the first place. This tells me that the computer itself was definitely not up to date when the upgrade was done. Upgrading to a new operating system doesn't remove infection, it just installs the upgrade on top of the infections and then they easily allow the upgraded system to also become infected.

I really think that this has become a never ending process. For one thing the McAfee program obviously isn't working because you said it found nothing. There are new infections on there so it isn't offering any protection either. It has been corrupted by one or more of these many infections.

Each and every additional scan done has found severe infections. Each time going farther and farther back in time and I am afraid that no matter how many additional removal programs you run that more and more will be found, a good indication also that there are likely seriously corrupted system files too.

If you look at the previous MBA-M scan it found 2 current infected files and the rest were found in that Windows.old folder. Now this ESET scan has found one current file, a downloaded video, which it was unable to clean, and all of the rest were also in the Windows.old folder.

You said in your original post that you were seriously thinking about reinstalling the operating system and this is now my recommendation. Not just a repair install, but a full reformat of ALL drives to be sure they all are completely wiped and 100% clean.

Because this is an upgraded version of Windows 7 Ultimate this means you will first have to reinstall Vista on the newly reformatted computer. Install all of your drivers and then update the Vista system to TODAY.

Only then should you upgrade to Windows 7 Ultimate. To do that you must first follow the two steps given here

http://windows.microsoft.com/en-US/windows7/help/upgrading-from-windows-vista-to-windows-7

You need to read the entire link and follow the steps EXACTLY.

I would also advise that before doing the upgrade you NOT install any other "outside" things, like printers, scanners, cameras, iPods, etc. Those ALL can wait until the upgrade is complete.

I also would advise that you NOT install any other 3rd party programs, just the Vista Operating system and the files needed to bring it up to TODAY. This would include waiting to install an antivirus program too. This way you will know that nothing is going to interfere with bringing the system 100% up to date.

Then, and only then, do the upgrade to Windows 7 Ultimate and all of its current Windows updates to also bring it up to TODAY. This should give you what would essentially be considered a brand new computer as it comes from the factory. You then will likely have to get new drivers needed for Windows 7.

AFTER all of that would be when you could install your printer, scanner, etc. and then your programs, starting with a good anti-virus program and bring it completely up to date, followed by any other programs you use. Just like you would if you bought a new computer.

ALL 3rd party programs should be legal programs, no cracked or shared programs, no keygens ever or you will be right back where you began.

I honestly am somewhat leery of your backed up programs and documents and would be very hesitant about putting those back on the new clean computer. Since the computer is so severely infected there is no guarantee that any one of these will not contain infections.
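The triage described in the post above (where the ESET detections sit, which ones were not cleaned, and the QTTask file names padded with spaces), as an added example that is not part of the original post. It assumes the log's three columns are tab-separated, as they appear in the quoted log; the sample rows are constructed and the function names are hypothetical.

```python
import ntpath
from collections import Counter

# Folder Windows Setup leaves behind when an upgrade is installed over an
# older system; compared case-insensitively.
PREVIOUS_INSTALL_ROOT = "c:\\windows.old\\"
# Action strings that mean the scanner actually removed the file.
RESOLVED_MARKERS = ("deleted", "deleting", "quarantined")


def _row(path, detection, action):
    """Build one constructed log row: path <TAB> detection <TAB> action."""
    return "\t".join((path, detection, action))


# Constructed sample in the layout of the ESET log.txt quoted in the thread.
# Paths are placeholders; detection and action strings are ones the log shows.
_QT = "C:\\Windows.old\\Program Files\\QuickTime\\"
_KRYPTIK = "a variant of Win32/Kryptik.HVJ trojan"
_CLEANED = "cleaned by deleting - quarantined"
SAMPLE_LOG = "\n".join([
    "log.txt",  # header line, not a detection row
    _row("C:\\Users\\user\\Videos\\movie.avi",
         "a variant of WMA/TrojanDownloader.GetCodec.gen trojan",
         "unable to clean"),
    _row(_QT + "QTTask .exe", _KRYPTIK, _CLEANED),
    _row(_QT + "QTTask   .exe", _KRYPTIK, _CLEANED),
    _row(_QT + "QTTask      .exe", _KRYPTIK, _CLEANED),
    _row("C:\\Windows.old\\Windows\\Installer\\example.msi",
         "Win32/TrojanDownloader.VB.OIC trojan", "deleted - quarantined"),
    _row("C:\\Windows.old\\Users\\user\\cache\\entry",
         "multiple threats", "deleted - quarantined"),
])


def parse_eset_log(text):
    """Return detection rows as dicts; skip lines that are not 3 tab fields."""
    entries = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or not all(f.strip() for f in fields):
            continue
        path, detection, action = fields
        entries.append({"path": path,
                        "detection": detection.strip(),
                        "action": action.strip()})
    return entries


def padded_family(path):
    """If whitespace sits directly before the extension, return the de-padded
    lowercase path so every padded copy maps to one key; otherwise None."""
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    if ext and stem != stem.rstrip():
        return ntpath.join(directory, stem.rstrip() + ext).lower()
    return None


def triage(entries):
    """Count detections per install, list uncleaned files, group padded names."""
    report = {"previous_install": 0, "current_install": 0,
              "unresolved": [], "padded_families": Counter()}
    for entry in entries:
        in_old = entry["path"].lower().startswith(PREVIOUS_INSTALL_ROOT)
        report["previous_install" if in_old else "current_install"] += 1
        action = entry["action"].lower()
        if not any(marker in action for marker in RESOLVED_MARKERS):
            report["unresolved"].append(entry["path"])
        family = padded_family(entry["path"])
        if family:
            report["padded_families"][family] += 1
    return report


if __name__ == "__main__":
    result = triage(parse_eset_log(SAMPLE_LOG))
    print("previous install:", result["previous_install"])
    print("current install: ", result["current_install"])
    print("not cleaned:     ", result["unresolved"])
    for family, copies in result["padded_families"].items():
        print("padded copies:   ", copies, "x", family)
```

Many padded copies of one name in one folder point to a file that was re-created repeatedly, so a single "deleted" report for that name is not evidence the dropper itself is gone.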

0

so there is no way for me to fix the problem without completely re-installing windows?

0

I truly don't believe so. The original infected files are on that OLD install, new ones have appeared on the new install, telling me the entire computer is very infected. So essentially you have TWO operating system files on there with infections in each.
The GMER running for days is some indication of that. Several hours is what is listed as the longest time, not DAYS and that depends on the computer. Not the 50 hours & 20 hours as both of the runs you have done show...and you had to stop both of them in order to continue. That is nearly 3 days trying to scan with just one program and the scans never could complete, you had to physically stop them.
If you want to try I can give you other tools to use but as I said, the computer files are most likely damaged and running other tools could cause further damage.
As long as you have the Vista operating system disks a reformat/reload would take just a few hours. With all updates applied you could have the computer up and running Vista well by tonight, not several days from now.
You have been working on this well over three days here, that doesn't count the time spent before you came here and posted your question.

0

i am now looking for any files that i will need in the future (school work and such), running them through the Malwarebytes' Anti-Malware and McAfee scans and then zipping them up and putting them on a USB stick, do you think a virus would still be on there after that?

just asking because i don't want to risk my new installation getting corrupted.

0

We KNOW that McAfee is not working so scanning with that is pointless. MBA-M was working but there is no guarantee that it truly still is working well.
Before putting them back onto a clean computer they most definitely should be scanned again with a brand new, fully updated copy of MBA-M and a brand new updated anti-virus program but honestly I cannot guarantee that they won't include infections. If any of these saved files are videos, music or games I would NOT back them up, I would get rid of them.
Neither of those programs should be kept for the new install. You will need to install brand new copies of each. They shouldn't be carried over to the new install.

Edited by jholland1964: n/a

0

these files are all either word documents or pdf files, and i will scan them using the new MBA-M as soon as my system upgrade is complete, i am now already formatting my hard drive.

0

Those types of files should be ok, but be sure to scan them first before putting them onto the newly formatted computer.

As I said, totally reformat the drives, wipe them clean. Then install Vista and all of your drivers. Of course if you have a router and modem those will have to be hooked up also so you can get online. Do that after the system reinstall. Then go online and thoroughly update the system with all Windows updates. Then you can go forward with the upgrade. Once that is done and fully updated then begin just as you would with a brand new computer installing everything else. Begin with the security programs, including the built in Windows 7 firewall. It is excellent.

If you have any further questions about all this just post right back here and I will try to find the answers for you if I don't know them.

Edited by jholland1964: n/a

0

ok, thanks!

i'll just keep the thread in the status unsolved until i'm completely done :)

thanks a lot for your help.

0

I am sorry we couldn't do it with just cleaning procedures but I do believe you will be much happier doing it this way...essentially you should end up with a new computer!

And, in the long run, it will be much faster than trying to find every little bit of infection.

Edited by jholland1964: n/a
