MalwareRemoval.com provides free support for people with infected computers.

Post by ddshadydd » December 4th, 2011, 5:33 am

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Open at 3:59:19 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2668.1462 [GMT -5:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
mStart Page = hxxp://msi.msn.com
mURLSearchHooks: Winamp Toolbar Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: GetDislike: {f0e15660-5be6-48b9-8ed6-f8c1643bd6b8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uRun: [RDReminder]
uRun: [HijackThis startup scan] C:\Users\Open\AppData\Local\Temp\HBCD\HijackThis.exe /startupscan
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer =
TCP: Interfaces\{7E846249-6D0B-4BA9-9078-777476784380} : DhcpNameServer =
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B} : DhcpNameServer =
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\37475677 : DhcpNameServer =
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\A657E676C6562377962756 : DhcpNameServer =
TCP: Interfaces\{8CA9679E-DB27-4761-B2A5-C023E7F9749B}\C696E6B6379737 : DhcpNameServer =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO-X64: XFINITY Toolbar - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO-X64: Updater For XFIN_PORTAL - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: GetDislike: {F0E15660-5BE6-48b9-8ED6-F8C1643BD6B8} - C:\Program Files (x86)\getdislike\ie\211221920getdisike.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mRun-x64: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun-x64: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Open\AppData\Roaming\Mozilla\Firefox\Profiles\w87ol4iw.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage& ... .1-x64-SP1
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar& ... x64-SP1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Open\AppData\Local\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Users\Open\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Open\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
============= SERVICES / DRIVERS ===============
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-11-18 63048]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-1-21 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe [2011-1-25 44432]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-4-8 149544]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-4-8 148008]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-4-8 205352]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
S3 cpuz134;cpuz134;C:\Users\Open\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [2011-12-4 21480]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-23 136176]
S3 pwdrvio;pwdrvio;\??\C:\windows\system32\pwdrvio.sys --> C:\windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\windows\system32\pwdspio.sys --> C:\windows\system32\pwdspio.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
=============== Created Last 30 ================
2011-12-04 08:24:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA9C7F32-E518-41F5-B554-337B83063CC0}\offreg.dll
2011-12-04 07:52:25 -------- d-----w- C:\Users\Open\AppData\Local\Adobe
2011-12-04 06:01:24 801352 ----a-w- C:\windows\System32\pwNative.exe
2011-12-04 06:01:23 19936 ------w- C:\windows\System32\pwdrvio.sys
2011-12-04 06:01:22 13280 ------w- C:\windows\System32\pwdspio.sys
2011-12-04 05:02:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-04 05:02:52 -------- d-----w- C:\Users\Open\AppData\Roaming\SUPERAntiSpyware.com
2011-12-04 04:58:48 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-04 04:45:09 -------- d-----w- C:\Users\Open\AppData\Roaming\dll-files.com
2011-12-04 04:44:57 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-12-04 04:44:57 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-12-04 04:44:57 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2011-12-04 04:44:55 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2011-12-04 04:27:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-03 04:20:28 -------- d-----w- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-12-03 03:54:15 -------- d-----w- C:\Users\Open\AppData\Roaming\VUPlayer
2011-12-03 03:53:51 -------- d-----w- C:\Program Files (x86)\VUPlayer
2011-12-03 01:12:11 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA9C7F32-E518-41F5-B554-337B83063CC0}\mpengine.dll
2011-11-29 07:42:33 -------- d-----w- C:\windows\CheckSur
2011-11-29 06:08:27 -------- d-----w- C:\Users\Open\AppData\Local\Winamp Toolbar
2011-11-29 05:13:10 -------- d-----w- C:\Users\Open\Tracing
2011-11-29 05:12:29 -------- d-----w- C:\Program Files (x86)\getdislike
2011-11-29 04:41:55 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2011-11-29 04:41:54 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll
2011-11-29 04:41:01 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-11-29 04:40:54 -------- d-----w- C:\ProgramData\Winamp Toolbar
2011-11-29 04:40:54 -------- d-----w- C:\Program Files (x86)\Winamp Toolbar
2011-11-29 04:40:49 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2011-11-29 04:40:32 -------- d-----w- C:\ProgramData\WeCareReminder
2011-11-29 04:39:47 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-11-29 04:39:44 -------- d-----w- C:\Users\Open\AppData\Roaming\OpenCandy
2011-11-28 05:16:11 -------- d-----w- C:\Users\Open\AppData\Roaming\GameConsole
2011-11-28 05:16:04 -------- d-sh--w- C:\Users\Open\AppData\Roaming\.#
2011-11-28 04:10:19 -------- d-----w- C:\Users\Open\AppData\Local\ID Vault
2011-11-28 04:10:19 -------- d-----w- C:\ProgramData\IsolatedStorage
2011-11-28 04:09:23 91720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2011-11-28 04:09:23 8007680 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2011-11-28 04:09:23 1642056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.dll
2011-11-28 04:09:23 135240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\CommonDotNET.dll
2011-11-28 04:09:18 -------- d-----w- C:\Users\Open\AppData\Roaming\ID Vault
2011-11-28 04:08:47 29288 ------w- C:\windows\System32\drivers\gidv2.sys
2011-11-28 04:08:44 65816 ------w- C:\windows\System32\GIDLogonCP64.dll
2011-11-28 04:08:44 467224 ------w- C:\windows\System32\GIDHOOK64.DLL
2011-11-28 04:08:44 446752 ------w- C:\windows\System32\GIDHookLogon64.dll
2011-11-28 04:08:44 206608 ------w- C:\windows\System32\GIDBIN1.DLL
2011-11-28 04:08:44 109064 ------w- C:\windows\System32\EasyHook64.dll
2011-11-28 04:08:44 102160 ------w- C:\windows\System32\GIDBIN3.DLL
2011-11-28 04:08:22 -------- d-----w- C:\ProgramData\GID
2011-11-28 04:08:19 -------- d-----w- C:\Program Files (x86)\SFT
2011-11-28 04:07:57 -------- d-----w- C:\Program Files (x86)\Common Files\scanner
2011-11-28 04:07:57 -------- d-----w- C:\Program Files (x86)\comcasttb
2011-11-28 04:07:47 -------- d-----w- C:\Program Files (x86)\CA
2011-11-28 04:07:45 -------- d-----w- C:\windows\Downloaded Installations
2011-11-28 04:07:03 -------- d-----w- C:\Program Files (x86)\xfin_portal
2011-11-28 04:06:49 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2011-11-28 04:06:35 -------- d-----w- C:\ProgramData\White Sky, Inc
2011-11-28 03:37:10 -------- d-----w- C:\Users\Open\AppData\Roaming\FLEXnet
2011-11-27 13:37:17 -------- d-----w- C:\Program Files (x86)\Systweak Photoalbum
2011-11-27 13:37:04 -------- d-----w- C:\Program Files (x86)\ADLSoft PhotoAlbum
2011-11-27 13:36:57 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-11-27 11:09:50 -------- d-----w- C:\ProgramData\ClubSanDisk
2011-11-27 10:50:02 -------- d-----w- C:\inetpub
2011-11-24 08:04:41 -------- d-----w- C:\windows\pss
2011-11-14 03:47:00 -------- d-----w- C:\Users\Open\AppData\Roaming\Temp
2011-11-12 21:09:53 -------- d-----w- C:\Users\Open\AppData\Local\Eastman_Kodak_Company
2011-11-09 02:57:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 02:57:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 02:57:39 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-11-09 02:57:35 3144704 ----a-w- C:\windows\System32\win32k.sys
==================== Find3M ====================
2011-12-02 19:10:30 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-23 12:07:57 78376 ----a-w- C:\windows\System32\drivers\CDAVFS.sys
2011-10-23 08:35:29 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-10-23 08:35:28 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-10-20 01:59:11 6 ----a-w- C:\windows\silentOnce.tmp
2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
============= FINISH: 4:00:14.42 ===============

Re: lots or ???? this is what to do

Post by Scolabar » December 4th, 2011, 4:41 pm

Hi ddshadydd,

Firstly, welcome to the Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.

I am currently working under the guidance of the MRU teachers; everything I post to you will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much.

Please note the following important guidelines before proceeding:
  1. The instructions that will be provided are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
  2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
  3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
    Absence of symptoms does not necessarily mean that everything is clear.
  5. DO NOT run any other fix or removal tools unless instructed to do so!
  6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Please Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this, right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Re: lots or ???? this is what to do

Post by Scolabar » December 8th, 2011, 1:07 pm

Hi ddshadydd,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Computer Problem(s) - Details

Please explain in more detail what the computer problem(s) are that you are encountering.
The description does not need to be technically detailed, but if your computer has given you any Error Codes or flashed up any messages, then the exact wording of them can be very useful. Please provide the description in your next post.

Step 2:
OTL - Scan

Next we need to run an OTL scan.

  1. Please download OTL by Old Timer. Save it to your Desktop.
  2. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Under Output, ensure that the Standard Output option is selected.
  4. Under the Extra Registry section, select the Use SafeList option.
  5. Click the Scan All Users checkbox.
    Note: Please leave the remaining selections on the default settings.
  6. Click on the Run Scan button (top left-hand corner).
  7. When done, two Notepad files will automatically open:
    • OTL.txt <-- Will be opened, maximized.
    • Extras.txt <-- Will be minimized on task bar.
  8. Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.

Step 3:
Security Check

  1. Please download Security Check by screen317 and Save it to your Desktop.
    Alternate download site: Link 2
  2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. Press the Space Bar when you see the Press any key to continue... message.
    Please Note: This scan will take a short while to complete, so please be patient.
  4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
  5. Save the file checkup.txt to your Desktop.
    Please Note: This output file is NOT automatically saved!
  6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.

Step 4:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Please provide a description of the computer problem(s) you have been encountering.
  3. OTL.txt.
  4. Extras.txt.
  5. checkup.txt.
  6. Do you have the original Windows installation media for your PC?

Re: lots or ???? this is what to do

Post by Scolabar » December 10th, 2011, 6:39 pm

Hi ddshadydd,

It has been over 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Malware Removal's latest policy, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

No Reply Within 3 Days Will Result In Your Topic Being Closed

Re: lots or ???? this is what to do

Post by Cypher » December 11th, 2011, 1:11 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
