Laptop suffers from blue screen crashes and browser reroutes on occasion. Below are the required posts; please help ASAP. Thanks in advance.
Sysinfo
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, x64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA Quadro NVS 110M, 64 Mb
Hard Drives: C: Total - 76216 MB, Free - 7819 MB;
Motherboard: Dell Inc.,
Antivirus: None
Hijack This
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:13 PM, on 10/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\free-software-downloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\user\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: blekko search bar - {1be04434-6b9f-48c8-8675-94c640d5b293} - C:\Program Files\blekkotb_sa5\blekkotb_019X.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: blekko search bar - {1be04434-6b9f-48c8-8675-94c640d5b293} - C:\Program Files\blekkotb_sa5\blekkotb_019X.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [T-Mobile webConnect Manager] "C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: Dropbox.lnk = user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{41B14D91-DA84-44E4-9C61-05AF25EC2834}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE}: NameServer = 10.177.0.34 10.161.171.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51}: NameServer = 10.177.0.34 10.164.103.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E713BB66-CB1D-40BD-B561-3514CFAD31E2}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{E894B967-EB02-4129-9133-C36FABC135A7}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2}: NameServer = 10.177.0.34 10.163.103.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 8215 bytes
DDS
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18
Run by user at 18:31:17 on 2012-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.959 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\free-software-downloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\chcp.com
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\user\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uProxyOverride = <local>
uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: blekko search bar: {1be04434-6b9f-48c8-8675-94c640d5b293} - c:\program files\blekkotb_sa5\blekkotb_019X.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: blekko search bar: {1be04434-6b9f-48c8-8675-94c640d5b293} - c:\program files\blekkotb_sa5\blekkotb_019X.dll
EB: {32004B8A-44A9-43E7-84E9-808838809519} - <orphaned>
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Akamai NetSession Interface] "c:\users\user\appdata\local\akamai\netsession_win.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] nwiz.exe /install
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [T-Mobile webConnect Manager] "c:\program files\t-mobile\webconnect manager\TMobileCM.exe" -a
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{41B14D91-DA84-44E4-9C61-05AF25EC2834} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE} : NameServer = 10.177.0.34 10.161.171.220
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\742716E646461646469737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\94E6458656451627469637D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\C696E6B6379737 : DHCPNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51} : NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{E713BB66-CB1D-40BD-B561-3514CFAD31E2} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{E894B967-EB02-4129-9133-C36FABC135A7} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\444434F42505 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\76C636963736F6 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\8686F6E6F62737 : DHCPNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2} : NameServer = 10.177.0.34 10.163.103.140
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\yrv21wc5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=46448C307528036C0D314D50611D7690&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - ExtSQL: 2012-09-24 21:57; {1be04434-6b9f-48c8-8675-94c640d5b293}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\yrv21wc5.default\extensions\{1be04434-6b9f-48c8-8675-94c640d5b293}
FF - ExtSQL: !HIDDEN! 1970-01-16 08:50; {D8BA374F-0E93-11E2-8271-B8AC6F996F26}; c:\users\user\appdata\local\{D8BA374F-0E93-11E2-8271-B8AC6F996F26}
.
============= SERVICES / DRIVERS ===============
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-9-7 328536]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-9-19 795072]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-7 821592]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-20 2337144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-5-2 20336]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2012-5-2 30600]
R3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\drivers\tmobile_mf691_dc_enum.sys [2010-4-9 61952]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-5-2 19792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2010-7-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2010-3-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-31 208896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-10-12 101120]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 113120]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-25 1343400]
.
=============== Created Last 30 ================
.
2012-10-19 23:19:10 -------- d-s---w- C:\ComboFix
2012-10-18 15:57:28 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43e4ecb0-d186-44a3-bc1e-63c6c90e1af7}\mpengine.dll
2012-10-10 04:59:36 -------- d-----w- C:\e977ec64a0630f290ab1
2012-10-05 02:25:07 -------- d-----w- c:\users\user\appdata\local\{D8BA374F-0E93-11E2-8271-B8AC6F996F26}
2012-10-02 17:46:10 -------- d-----w- c:\program files\IObit Toolbar
2012-10-02 17:46:10 -------- d-----w- c:\program files\common files\Spigot
2012-10-02 17:46:10 -------- d-----w- c:\program files\Application Updater
2012-09-27 23:19:26 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 02:57:10 -------- d-----w- c:\programdata\blekko toolbars
2012-09-25 02:56:55 -------- d-----w- c:\program files\blekkotb_sa5
.
==================== Find3M ====================
.
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 18:32:48.70 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2011 3:44:47 PM
System Uptime: 10/19/2012 3:25:58 PM (3 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 7.875 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8af05910
Device ID: ROOT\LEGACY_MPKSL8AF05910\0000
Manufacturer:
Name: MpKsl8af05910
PNP Device ID: ROOT\LEGACY_MPKSL8AF05910\0000
Service: MpKsl8af05910
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6230c1b4
Device ID: ROOT\LEGACY_MPKSL6230C1B4\0000
Manufacturer:
Name: MpKsl6230c1b4
PNP Device ID: ROOT\LEGACY_MPKSL6230C1B4\0000
Service: MpKsl6230c1b4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl278c5822
Device ID: ROOT\LEGACY_MPKSL278C5822\0000
Manufacturer:
Name: MpKsl278c5822
PNP Device ID: ROOT\LEGACY_MPKSL278C5822\0000
Service: MpKsl278c5822
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb608cb66
Device ID: ROOT\LEGACY_MPKSLB608CB66\0000
Manufacturer:
Name: MpKslb608cb66
PNP Device ID: ROOT\LEGACY_MPKSLB608CB66\0000
Service: MpKslb608cb66
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8e0e3580
Device ID: ROOT\LEGACY_MPKSL8E0E3580\0000
Manufacturer:
Name: MpKsl8e0e3580
PNP Device ID: ROOT\LEGACY_MPKSL8E0E3580\0000
Service: MpKsl8e0e3580
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl65b2014f
Device ID: ROOT\LEGACY_MPKSL65B2014F\0000
Manufacturer:
Name: MpKsl65b2014f
PNP Device ID: ROOT\LEGACY_MPKSL65B2014F\0000
Service: MpKsl65b2014f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb8f042af
Device ID: ROOT\LEGACY_MPKSLB8F042AF\0000
Manufacturer:
Name: MpKslb8f042af
PNP Device ID: ROOT\LEGACY_MPKSLB8F042AF\0000
Service: MpKslb8f042af
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl91f8235a
Device ID: ROOT\LEGACY_MPKSL91F8235A\0000
Manufacturer:
Name: MpKsl91f8235a
PNP Device ID: ROOT\LEGACY_MPKSL91F8235A\0000
Service: MpKsl91f8235a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6a7568e4
Device ID: ROOT\LEGACY_MPKSL6A7568E4\0000
Manufacturer:
Name: MpKsl6a7568e4
PNP Device ID: ROOT\LEGACY_MPKSL6A7568E4\0000
Service: MpKsl6a7568e4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0aa7eb25
Device ID: ROOT\LEGACY_MPKSL0AA7EB25\0000
Manufacturer:
Name: MpKsl0aa7eb25
PNP Device ID: ROOT\LEGACY_MPKSL0AA7EB25\0000
Service: MpKsl0aa7eb25
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9ab998da
Device ID: ROOT\LEGACY_MPKSL9AB998DA\0000
Manufacturer:
Name: MpKsl9ab998da
PNP Device ID: ROOT\LEGACY_MPKSL9AB998DA\0000
Service: MpKsl9ab998da
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6ccb6fcf
Device ID: ROOT\LEGACY_MPKSL6CCB6FCF\0000
Manufacturer:
Name: MpKsl6ccb6fcf
PNP Device ID: ROOT\LEGACY_MPKSL6CCB6FCF\0000
Service: MpKsl6ccb6fcf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl45a95b12
Device ID: ROOT\LEGACY_MPKSL45A95B12\0000
Manufacturer:
Name: MpKsl45a95b12
PNP Device ID: ROOT\LEGACY_MPKSL45A95B12\0000
Service: MpKsl45a95b12
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0e72c21e
Device ID: ROOT\LEGACY_MPKSL0E72C21E\0000
Manufacturer:
Name: MpKsl0e72c21e
PNP Device ID: ROOT\LEGACY_MPKSL0E72C21E\0000
Service: MpKsl0e72c21e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbc3f31c2
Device ID: ROOT\LEGACY_MPKSLBC3F31C2\0000
Manufacturer:
Name: MpKslbc3f31c2
PNP Device ID: ROOT\LEGACY_MPKSLBC3F31C2\0000
Service: MpKslbc3f31c2
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla15b0daf
Device ID: ROOT\LEGACY_MPKSLA15B0DAF\0000
Manufacturer:
Name: MpKsla15b0daf
PNP Device ID: ROOT\LEGACY_MPKSLA15B0DAF\0000
Service: MpKsla15b0daf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla30b832e
Device ID: ROOT\LEGACY_MPKSLA30B832E\0000
Manufacturer:
Name: MpKsla30b832e
PNP Device ID: ROOT\LEGACY_MPKSLA30B832E\0000
Service: MpKsla30b832e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl777d85bf
Device ID: ROOT\LEGACY_MPKSL777D85BF\0000
Manufacturer:
Name: MpKsl777d85bf
PNP Device ID: ROOT\LEGACY_MPKSL777D85BF\0000
Service: MpKsl777d85bf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl18d6e658
Device ID: ROOT\LEGACY_MPKSL18D6E658\0000
Manufacturer:
Name: MpKsl18d6e658
PNP Device ID: ROOT\LEGACY_MPKSL18D6E658\0000
Service: MpKsl18d6e658
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla3621492
Device ID: ROOT\LEGACY_MPKSLA3621492\0000
Manufacturer:
Name: MpKsla3621492
PNP Device ID: ROOT\LEGACY_MPKSLA3621492\0000
Service: MpKsla3621492
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4a315608
Device ID: ROOT\LEGACY_MPKSL4A315608\0000
Manufacturer:
Name: MpKsl4a315608
PNP Device ID: ROOT\LEGACY_MPKSL4A315608\0000
Service: MpKsl4a315608
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl538c0ce1
Device ID: ROOT\LEGACY_MPKSL538C0CE1\0000
Manufacturer:
Name: MpKsl538c0ce1
PNP Device ID: ROOT\LEGACY_MPKSL538C0CE1\0000
Service: MpKsl538c0ce1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc244c597
Device ID: ROOT\LEGACY_MPKSLC244C597\0000
Manufacturer:
Name: MpKslc244c597
PNP Device ID: ROOT\LEGACY_MPKSLC244C597\0000
Service: MpKslc244c597
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7ec28285
Device ID: ROOT\LEGACY_MPKSL7EC28285\0000
Manufacturer:
Name: MpKsl7ec28285
PNP Device ID: ROOT\LEGACY_MPKSL7EC28285\0000
Service: MpKsl7ec28285
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld3ad2e72
Device ID: ROOT\LEGACY_MPKSLD3AD2E72\0000
Manufacturer:
Name: MpKsld3ad2e72
PNP Device ID: ROOT\LEGACY_MPKSLD3AD2E72\0000
Service: MpKsld3ad2e72
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl2085cf18
Device ID: ROOT\LEGACY_MPKSL2085CF18\0000
Manufacturer:
Name: MpKsl2085cf18
PNP Device ID: ROOT\LEGACY_MPKSL2085CF18\0000
Service: MpKsl2085cf18
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld59b470b
Device ID: ROOT\LEGACY_MPKSLD59B470B\0000
Manufacturer:
Name: MpKsld59b470b
PNP Device ID: ROOT\LEGACY_MPKSLD59B470B\0000
Service: MpKsld59b470b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslda883722
Device ID: ROOT\LEGACY_MPKSLDA883722\0000
Manufacturer:
Name: MpKslda883722
PNP Device ID: ROOT\LEGACY_MPKSLDA883722\0000
Service: MpKslda883722
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaf993431
Device ID: ROOT\LEGACY_MPKSLAF993431\0000
Manufacturer:
Name: MpKslaf993431
PNP Device ID: ROOT\LEGACY_MPKSLAF993431\0000
Service: MpKslaf993431
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5e35fcf1
Device ID: ROOT\LEGACY_MPKSL5E35FCF1\0000
Manufacturer:
Name: MpKsl5e35fcf1
PNP Device ID: ROOT\LEGACY_MPKSL5E35FCF1\0000
Service: MpKsl5e35fcf1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslddab54ce
Device ID: ROOT\LEGACY_MPKSLDDAB54CE\0000
Manufacturer:
Name: MpKslddab54ce
PNP Device ID: ROOT\LEGACY_MPKSLDDAB54CE\0000
Service: MpKslddab54ce
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl248a68a2
Device ID: ROOT\LEGACY_MPKSL248A68A2\0000
Manufacturer:
Name: MpKsl248a68a2
PNP Device ID: ROOT\LEGACY_MPKSL248A68A2\0000
Service: MpKsl248a68a2
.
==== System Restore Points ===================
.
RP323: 10/9/2012 11:56:16 PM - Windows Update
RP324: 10/16/2012 1:39:44 PM - ComboFix created restore point
RP325: 10/16/2012 2:15:45 PM - Windows Update
RP326: 10/18/2012 10:12:07 AM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced SystemCare 4
AI Viewer
Akamai NetSession Interface
Amazon Kindle
blekko search bar
Carleton H. Sheets Real Estate ToolKit version 7.2
Conexant HDA D110 MDC V.92 Modem
Driver Manager
Dropbox
Fantapper Player
Fantapper Updater
Google Earth Plug-in
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
IObit Malware Fighter
IObit Toolbar v6.3
Java(TM) 6 Update 18
K-Lite Codec Pack 5.7.0 (Full)
Lexmark 7300 Series
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
PDFCreator
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype 5.10
SolveigMM AVI Trimmer
T-Mobile webConnect Manager
TeamViewer 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.10
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
10/19/2012 8:28:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/19/2012 8:14:10 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
10/19/2012 3:28:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: uksrwji
10/19/2012 3:28:13 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
10/19/2012 12:26:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
10/18/2012 9:56:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
10/18/2012 9:09:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
10/18/2012 9:09:39 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:07:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 4:13:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.
10/18/2012 10:48:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:48:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2012 10:48:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2012 10:47:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/18/2012 10:47:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/18/2012 10:47:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2012 10:47:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2012 10:47:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx uksrwji VWiFiFlt Wanarpv6 WfpLwf
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:05:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
10/18/2012 10:05:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
10/18/2012 10:04:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
10/17/2012 10:23:05 PM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
10/17/2012 10:11:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/16/2012 1:54:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/15/2012 5:03:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A3E094C8-2135-46A1-A7D5-F00E394CB70B} because another computer on the network has the same name. The server could not start.
10/15/2012 5:03:37 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
10/15/2012 5:03:37 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Gmer
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-19 19:03:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BEVS-00VAT0 rev.11.01A11
Running: hokj3md0.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832543C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8328DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F43D340, 0x3EE2B7, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtWriteFile 77C36A68 5 Bytes JMP 00013D48
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[944] USER32.dll!GetCursorPos 7780A4B3 5 Bytes JMP 00014672
.text C:\Windows\system32\svchost.exe[944] USER32.dll!GetForegroundWindow 7781335D 5 Bytes JMP 00014743
.text C:\Windows\system32\svchost.exe[944] USER32.dll!IsWindowVisible 77814D69 5 Bytes JMP 00014776
.text C:\Windows\system32\svchost.exe[944] USER32.dll!WindowFromPoint 77836BE9 5 Bytes JMP 000146D3
.text C:\Windows\system32\svchost.exe[944] USER32.dll!MessageBoxIndirectW 7785E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[944] WS2_32.dll!GetAddrInfoW 77D34889 5 Bytes JMP 000145D4
.text C:\Windows\system32\svchost.exe[944] ole32.dll!CoGetClassObject 762054AD 5 Bytes JMP 000148B2
.text C:\Windows\system32\svchost.exe[944] ole32.dll!CoCreateInstance 76219D0B 5 Bytes JMP 000148DC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2588] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[5424] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes JMP 5F2350B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[5424] ole32.dll!OleLoadFromStream 761D6143 5 Bytes JMP 5FCFE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!RegisterMessagePumpHook + 2F1 77808B9E 7 Bytes JMP 63C8C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!IsDialogMessageW + 340 77814444 7 Bytes JMP 63C8C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!GetWindowInfo 77814B5E 5 Bytes JMP 63A4BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!ToUnicodeEx + 71 77822223 7 Bytes JMP 63A4C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] ntdll.dll!LdrGetProcedureAddress + 26 77C52239 7 Bytes JMP 638CB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 779B93D6 7 Bytes JMP 63B7B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] kernel32.dll!QueryPerformanceCounter + 13 779BC435 7 Bytes JMP 63B7B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] GDI32.dll!GetViewportOrgEx + 26C 7707884B 7 Bytes JMP 63B7B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000006a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37aee8a1
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 9402
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 27169
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@LeaseObtainedTime 1350690187
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@T1 1350691987
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@T2 1350693337
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@LeaseTerminatesTime 1350693787
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37aee8a1 (not active ControlSet)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
Sysinfo
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, x64 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA Quadro NVS 110M, 64 Mb
Hard Drives: C: Total - 76216 MB, Free - 7819 MB;
Motherboard: Dell Inc.,
Antivirus: None
Hijack This
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:13 PM, on 10/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\free-software-downloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\user\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: blekko search bar - {1be04434-6b9f-48c8-8675-94c640d5b293} - C:\Program Files\blekkotb_sa5\blekkotb_019X.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: blekko search bar - {1be04434-6b9f-48c8-8675-94c640d5b293} - C:\Program Files\blekkotb_sa5\blekkotb_019X.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [T-Mobile webConnect Manager] "C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe" -a
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe"
O4 - Startup: Dropbox.lnk = user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{41B14D91-DA84-44E4-9C61-05AF25EC2834}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE}: NameServer = 10.177.0.34 10.161.171.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51}: NameServer = 10.177.0.34 10.164.103.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{E713BB66-CB1D-40BD-B561-3514CFAD31E2}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{E894B967-EB02-4129-9133-C36FABC135A7}: NameServer = 10.177.0.34 10.168.187.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2}: NameServer = 10.177.0.34 10.163.103.140
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
--
End of file - 8215 bytes
DDS
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_18
Run by user at 18:31:17 on 2012-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.959 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 4\free-software-downloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\chcp.com
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\user\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uProxyOverride = <local>
uURLSearchHooks: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: blekko search bar: {1be04434-6b9f-48c8-8675-94c640d5b293} - c:\program files\blekkotb_sa5\blekkotb_019X.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: blekko search bar: {1be04434-6b9f-48c8-8675-94c640d5b293} - c:\program files\blekkotb_sa5\blekkotb_019X.dll
EB: {32004B8A-44A9-43E7-84E9-808838809519} - <orphaned>
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Akamai NetSession Interface] "c:\users\user\appdata\local\akamai\netsession_win.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] nwiz.exe /install
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [T-Mobile webConnect Manager] "c:\program files\t-mobile\webconnect manager\TMobileCM.exe" -a
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{41B14D91-DA84-44E4-9C61-05AF25EC2834} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{8FADE04F-3F10-4A97-B1E0-69DD80102ECE} : NameServer = 10.177.0.34 10.161.171.220
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\742716E646461646469737 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\94E6458656451627469637D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}\C696E6B6379737 : DHCPNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{AD0A4693-C8DF-4B0E-B032-064D5C98FA51} : NameServer = 10.177.0.34 10.164.103.44
TCP: Interfaces\{E713BB66-CB1D-40BD-B561-3514CFAD31E2} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{E894B967-EB02-4129-9133-C36FABC135A7} : NameServer = 10.177.0.34 10.168.187.116
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\444434F42505 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\76C636963736F6 : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\8686F6E6F62737 : DHCPNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{EEB46195-4042-448B-BAE3-87990FA862F4}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FA66B9C7-50E8-4819-83D0-F3F7B3CC6EA2} : NameServer = 10.177.0.34 10.163.103.140
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\yrv21wc5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=46448C307528036C0D314D50611D7690&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - ExtSQL: 2012-09-24 21:57; {1be04434-6b9f-48c8-8675-94c640d5b293}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\yrv21wc5.default\extensions\{1be04434-6b9f-48c8-8675-94c640d5b293}
FF - ExtSQL: !HIDDEN! 1970-01-16 08:50; {D8BA374F-0E93-11E2-8271-B8AC6F996F26}; c:\users\user\appdata\local\{D8BA374F-0E93-11E2-8271-B8AC6F996F26}
.
============= SERVICES / DRIVERS ===============
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-9-7 328536]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-9-19 795072]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-9-7 821592]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-7-20 2337144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-5-2 20336]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2012-5-2 30600]
R3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;c:\windows\system32\drivers\tmobile_mf691_dc_enum.sys [2010-4-9 61952]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-5-2 19792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2010-7-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2010-3-20 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-8-31 208896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-16 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-10-12 101120]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 113120]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-25 1343400]
.
=============== Created Last 30 ================
.
2012-10-19 23:19:10 -------- d-s---w- C:\ComboFix
2012-10-18 15:57:28 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{43e4ecb0-d186-44a3-bc1e-63c6c90e1af7}\mpengine.dll
2012-10-10 04:59:36 -------- d-----w- C:\e977ec64a0630f290ab1
2012-10-05 02:25:07 -------- d-----w- c:\users\user\appdata\local\{D8BA374F-0E93-11E2-8271-B8AC6F996F26}
2012-10-02 17:46:10 -------- d-----w- c:\program files\IObit Toolbar
2012-10-02 17:46:10 -------- d-----w- c:\program files\common files\Spigot
2012-10-02 17:46:10 -------- d-----w- c:\program files\Application Updater
2012-09-27 23:19:26 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 02:57:10 -------- d-----w- c:\programdata\blekko toolbars
2012-09-25 02:56:55 -------- d-----w- c:\program files\blekkotb_sa5
.
==================== Find3M ====================
.
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 18:32:48.70 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/24/2011 3:44:47 PM
System Uptime: 10/19/2012 3:25:58 PM (3 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 7.875 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8af05910
Device ID: ROOT\LEGACY_MPKSL8AF05910\0000
Manufacturer:
Name: MpKsl8af05910
PNP Device ID: ROOT\LEGACY_MPKSL8AF05910\0000
Service: MpKsl8af05910
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6230c1b4
Device ID: ROOT\LEGACY_MPKSL6230C1B4\0000
Manufacturer:
Name: MpKsl6230c1b4
PNP Device ID: ROOT\LEGACY_MPKSL6230C1B4\0000
Service: MpKsl6230c1b4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl278c5822
Device ID: ROOT\LEGACY_MPKSL278C5822\0000
Manufacturer:
Name: MpKsl278c5822
PNP Device ID: ROOT\LEGACY_MPKSL278C5822\0000
Service: MpKsl278c5822
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb608cb66
Device ID: ROOT\LEGACY_MPKSLB608CB66\0000
Manufacturer:
Name: MpKslb608cb66
PNP Device ID: ROOT\LEGACY_MPKSLB608CB66\0000
Service: MpKslb608cb66
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl8e0e3580
Device ID: ROOT\LEGACY_MPKSL8E0E3580\0000
Manufacturer:
Name: MpKsl8e0e3580
PNP Device ID: ROOT\LEGACY_MPKSL8E0E3580\0000
Service: MpKsl8e0e3580
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl65b2014f
Device ID: ROOT\LEGACY_MPKSL65B2014F\0000
Manufacturer:
Name: MpKsl65b2014f
PNP Device ID: ROOT\LEGACY_MPKSL65B2014F\0000
Service: MpKsl65b2014f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb8f042af
Device ID: ROOT\LEGACY_MPKSLB8F042AF\0000
Manufacturer:
Name: MpKslb8f042af
PNP Device ID: ROOT\LEGACY_MPKSLB8F042AF\0000
Service: MpKslb8f042af
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl91f8235a
Device ID: ROOT\LEGACY_MPKSL91F8235A\0000
Manufacturer:
Name: MpKsl91f8235a
PNP Device ID: ROOT\LEGACY_MPKSL91F8235A\0000
Service: MpKsl91f8235a
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6a7568e4
Device ID: ROOT\LEGACY_MPKSL6A7568E4\0000
Manufacturer:
Name: MpKsl6a7568e4
PNP Device ID: ROOT\LEGACY_MPKSL6A7568E4\0000
Service: MpKsl6a7568e4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0aa7eb25
Device ID: ROOT\LEGACY_MPKSL0AA7EB25\0000
Manufacturer:
Name: MpKsl0aa7eb25
PNP Device ID: ROOT\LEGACY_MPKSL0AA7EB25\0000
Service: MpKsl0aa7eb25
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9ab998da
Device ID: ROOT\LEGACY_MPKSL9AB998DA\0000
Manufacturer:
Name: MpKsl9ab998da
PNP Device ID: ROOT\LEGACY_MPKSL9AB998DA\0000
Service: MpKsl9ab998da
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6ccb6fcf
Device ID: ROOT\LEGACY_MPKSL6CCB6FCF\0000
Manufacturer:
Name: MpKsl6ccb6fcf
PNP Device ID: ROOT\LEGACY_MPKSL6CCB6FCF\0000
Service: MpKsl6ccb6fcf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl45a95b12
Device ID: ROOT\LEGACY_MPKSL45A95B12\0000
Manufacturer:
Name: MpKsl45a95b12
PNP Device ID: ROOT\LEGACY_MPKSL45A95B12\0000
Service: MpKsl45a95b12
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl0e72c21e
Device ID: ROOT\LEGACY_MPKSL0E72C21E\0000
Manufacturer:
Name: MpKsl0e72c21e
PNP Device ID: ROOT\LEGACY_MPKSL0E72C21E\0000
Service: MpKsl0e72c21e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslbc3f31c2
Device ID: ROOT\LEGACY_MPKSLBC3F31C2\0000
Manufacturer:
Name: MpKslbc3f31c2
PNP Device ID: ROOT\LEGACY_MPKSLBC3F31C2\0000
Service: MpKslbc3f31c2
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla15b0daf
Device ID: ROOT\LEGACY_MPKSLA15B0DAF\0000
Manufacturer:
Name: MpKsla15b0daf
PNP Device ID: ROOT\LEGACY_MPKSLA15B0DAF\0000
Service: MpKsla15b0daf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla30b832e
Device ID: ROOT\LEGACY_MPKSLA30B832E\0000
Manufacturer:
Name: MpKsla30b832e
PNP Device ID: ROOT\LEGACY_MPKSLA30B832E\0000
Service: MpKsla30b832e
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl777d85bf
Device ID: ROOT\LEGACY_MPKSL777D85BF\0000
Manufacturer:
Name: MpKsl777d85bf
PNP Device ID: ROOT\LEGACY_MPKSL777D85BF\0000
Service: MpKsl777d85bf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl18d6e658
Device ID: ROOT\LEGACY_MPKSL18D6E658\0000
Manufacturer:
Name: MpKsl18d6e658
PNP Device ID: ROOT\LEGACY_MPKSL18D6E658\0000
Service: MpKsl18d6e658
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla3621492
Device ID: ROOT\LEGACY_MPKSLA3621492\0000
Manufacturer:
Name: MpKsla3621492
PNP Device ID: ROOT\LEGACY_MPKSLA3621492\0000
Service: MpKsla3621492
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl4a315608
Device ID: ROOT\LEGACY_MPKSL4A315608\0000
Manufacturer:
Name: MpKsl4a315608
PNP Device ID: ROOT\LEGACY_MPKSL4A315608\0000
Service: MpKsl4a315608
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl538c0ce1
Device ID: ROOT\LEGACY_MPKSL538C0CE1\0000
Manufacturer:
Name: MpKsl538c0ce1
PNP Device ID: ROOT\LEGACY_MPKSL538C0CE1\0000
Service: MpKsl538c0ce1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslc244c597
Device ID: ROOT\LEGACY_MPKSLC244C597\0000
Manufacturer:
Name: MpKslc244c597
PNP Device ID: ROOT\LEGACY_MPKSLC244C597\0000
Service: MpKslc244c597
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl7ec28285
Device ID: ROOT\LEGACY_MPKSL7EC28285\0000
Manufacturer:
Name: MpKsl7ec28285
PNP Device ID: ROOT\LEGACY_MPKSL7EC28285\0000
Service: MpKsl7ec28285
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld3ad2e72
Device ID: ROOT\LEGACY_MPKSLD3AD2E72\0000
Manufacturer:
Name: MpKsld3ad2e72
PNP Device ID: ROOT\LEGACY_MPKSLD3AD2E72\0000
Service: MpKsld3ad2e72
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl2085cf18
Device ID: ROOT\LEGACY_MPKSL2085CF18\0000
Manufacturer:
Name: MpKsl2085cf18
PNP Device ID: ROOT\LEGACY_MPKSL2085CF18\0000
Service: MpKsl2085cf18
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsld59b470b
Device ID: ROOT\LEGACY_MPKSLD59B470B\0000
Manufacturer:
Name: MpKsld59b470b
PNP Device ID: ROOT\LEGACY_MPKSLD59B470B\0000
Service: MpKsld59b470b
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslda883722
Device ID: ROOT\LEGACY_MPKSLDA883722\0000
Manufacturer:
Name: MpKslda883722
PNP Device ID: ROOT\LEGACY_MPKSLDA883722\0000
Service: MpKslda883722
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslaf993431
Device ID: ROOT\LEGACY_MPKSLAF993431\0000
Manufacturer:
Name: MpKslaf993431
PNP Device ID: ROOT\LEGACY_MPKSLAF993431\0000
Service: MpKslaf993431
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5e35fcf1
Device ID: ROOT\LEGACY_MPKSL5E35FCF1\0000
Manufacturer:
Name: MpKsl5e35fcf1
PNP Device ID: ROOT\LEGACY_MPKSL5E35FCF1\0000
Service: MpKsl5e35fcf1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslddab54ce
Device ID: ROOT\LEGACY_MPKSLDDAB54CE\0000
Manufacturer:
Name: MpKslddab54ce
PNP Device ID: ROOT\LEGACY_MPKSLDDAB54CE\0000
Service: MpKslddab54ce
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl248a68a2
Device ID: ROOT\LEGACY_MPKSL248A68A2\0000
Manufacturer:
Name: MpKsl248a68a2
PNP Device ID: ROOT\LEGACY_MPKSL248A68A2\0000
Service: MpKsl248a68a2
.
==== System Restore Points ===================
.
RP323: 10/9/2012 11:56:16 PM - Windows Update
RP324: 10/16/2012 1:39:44 PM - ComboFix created restore point
RP325: 10/16/2012 2:15:45 PM - Windows Update
RP326: 10/18/2012 10:12:07 AM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Advanced SystemCare 4
AI Viewer
Akamai NetSession Interface
Amazon Kindle
blekko search bar
Carleton H. Sheets Real Estate ToolKit version 7.2
Conexant HDA D110 MDC V.92 Modem
Driver Manager
Dropbox
Fantapper Player
Fantapper Updater
Google Earth Plug-in
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
IObit Malware Fighter
IObit Toolbar v6.3
Java(TM) 6 Update 18
K-Lite Codec Pack 5.7.0 (Full)
Lexmark 7300 Series
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
PDFCreator
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype 5.10
SolveigMM AVI Trimmer
T-Mobile webConnect Manager
TeamViewer 6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.10
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
10/19/2012 8:28:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/19/2012 8:14:10 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
10/19/2012 3:28:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: uksrwji
10/19/2012 3:28:13 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
10/19/2012 12:26:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
10/18/2012 9:56:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
10/18/2012 9:09:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
10/18/2012 9:09:39 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:44 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:08:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:07:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:43 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2012 9:06:42 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2012 4:13:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.
10/18/2012 10:48:04 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:48:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/18/2012 10:48:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/18/2012 10:47:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/18/2012 10:47:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/18/2012 10:47:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2012 10:47:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/18/2012 10:47:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx uksrwji VWiFiFlt Wanarpv6 WfpLwf
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:24 AM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:47:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2012 10:05:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
10/18/2012 10:05:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
10/18/2012 10:04:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
10/17/2012 10:23:05 PM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
10/17/2012 10:11:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/16/2012 1:54:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/15/2012 5:03:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A3E094C8-2135-46A1-A7D5-F00E394CB70B} because another computer on the network has the same name. The server could not start.
10/15/2012 5:03:37 PM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
10/15/2012 5:03:37 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.106. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
Gmr
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-19 19:03:51
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BEVS-00VAT0 rev.11.01A11
Running: hokj3md0.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832543C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8328DD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F43D340, 0x3EE2B7, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\user\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtWriteFile 77C36A68 5 Bytes JMP 00013D48
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[944] USER32.dll!GetCursorPos 7780A4B3 5 Bytes JMP 00014672
.text C:\Windows\system32\svchost.exe[944] USER32.dll!GetForegroundWindow 7781335D 5 Bytes JMP 00014743
.text C:\Windows\system32\svchost.exe[944] USER32.dll!IsWindowVisible 77814D69 5 Bytes JMP 00014776
.text C:\Windows\system32\svchost.exe[944] USER32.dll!WindowFromPoint 77836BE9 5 Bytes JMP 000146D3
.text C:\Windows\system32\svchost.exe[944] USER32.dll!MessageBoxIndirectW 7785E963 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[944] WS2_32.dll!GetAddrInfoW 77D34889 5 Bytes JMP 000145D4
.text C:\Windows\system32\svchost.exe[944] ole32.dll!CoGetClassObject 762054AD 5 Bytes JMP 000148B2
.text C:\Windows\system32\svchost.exe[944] ole32.dll!CoCreateInstance 76219D0B 5 Bytes JMP 000148DC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2588] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[5424] kernel32.dll!SetUnhandledExceptionFilter 779BF4FB 5 Bytes JMP 5F2350B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE[5424] ole32.dll!OleLoadFromStream 761D6143 5 Bytes JMP 5FCFE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!RegisterMessagePumpHook + 2F1 77808B9E 7 Bytes JMP 63C8C453 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!IsDialogMessageW + 340 77814444 7 Bytes JMP 63C8C3E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!GetWindowInfo 77814B5E 5 Bytes JMP 63A4BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[8224] USER32.dll!ToUnicodeEx + 71 77822223 7 Bytes JMP 63A4C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] ntdll.dll!LdrGetProcedureAddress + 26 77C52239 7 Bytes JMP 638CB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 779B93D6 7 Bytes JMP 63B7B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] kernel32.dll!QueryPerformanceCounter + 13 779BC435 7 Bytes JMP 63B7B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[9400] GDI32.dll!GetViewportOrgEx + 26C 7707884B 7 Bytes JMP 63B7B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000006a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e37aee8a1
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 9402
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 27169
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@LeaseObtainedTime 1350690187
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@T1 1350691987
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@T2 1350693337
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A3E094C8-2135-46A1-A7D5-F00E394CB70B}@LeaseTerminatesTime 1350693787
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e37aee8a1 (not active ControlSet)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----