Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virus removal

Post by linerider69 » June 7th, 2012, 11:12 pm

How can I remove a virus if Malwarebytes and Microsoft Security Essentials keep finding it but they don't remove it?
linerider69
Active Member
 
Posts: 4
Joined: June 7th, 2012, 10:53 pm

Re: Virus removal

Post by pgmigg » June 7th, 2012, 11:45 pm

Hello linerider69,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

In the meantime...
"How can I remove a virus if Malwarebytes and Microsoft Security Essentials keep finding it but they don't remove it?"
You provided no information at all about any details of your problems.
So, to start the process please do the following:

Step 1.
Initial DDS Scan
  1. Please download DDS ... by sUBs. Save it to your desktop. Alternate download links here or here.
    Please disable any Antivirus or Firewall you have active, as shown in this topic before running DDS.
  2. Please double click dds.com to run the tool. (File name will be different if alternate download used).
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    A black window will open with some instructions/comments...
  3. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved, so you must save them to your desktop.
  4. Please post both the DDS.txt and Attach.txt files in your next reply.

Please note: If DDS asks you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Step 2.
You mentioned that you run Malwarebytes' Anti-Malware (MBAM) Scan. I would like to see the most recent report from it, which can be found in
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the DDS.txt log file
  3. Contents of the Attach.txt log file
  4. Contents of the most recent MBAM scan report

Thanks,
pgmigg


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Virus removal

Post by linerider69 » June 8th, 2012, 1:49 am

Well, let me explain. First I got a Microsoft Security Essentials message come up saying "potentially harmful or unwanted material has been detected, cleaning system, no action required". After it cleaned the file, every time I started up the computer it would say the same thing, and I noticed I could not access the guest account and my browser loaded slowly, so I downloaded Malwarebytes and ran it. After quarantine and deletion of the files it kept finding the same thing with every scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ghost :: GHOST-PC [administrator]

Protection: Disabled

6/7/2012 9:36:03 PM
mbam-log-2012-06-07 (21-36-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222461
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Users\Guest\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> 4544 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Skila (Backdoor.Agent.DC) -> Data: C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\ghost\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Users\ghost\AppData\Local\Temp\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-03-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-04-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\AppData\Roaming\dclogs\2012-06-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Guest\AppData\Roaming\dclogs\2012-06-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.
C:\Users\Guest\Documents\DCSCMIN\IMDCSC.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.0
Run by ghost at 1:34:36 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6318 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\RtLED\RtLEDService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\Program Files\Realtek\RtLED\RtLED.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\explorer.exe
C:\windows\splwow64.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109928 ... def1885671
uDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Easy-Hide-IP] C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe
uRun: [Skila] C:\Users\ghost\Documents\DCSCMIN\IMDCSC.exe
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [PlayMovie] "C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\ghost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\ghost\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\0596E6B644F6C6078696E6D27657563747 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\0596E6B644F6C6078696E6D27657563747 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\2343D273024527166756C6023547F62756 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\2343D273024527166756C6023547F62756 : DhcpNameServer = 192.168.1.3 24.225.5.2 24.225.0.1
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\355707562783 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\355707562783 : DhcpNameServer = 50.57.99.138 66.180.96.12
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\C4574716 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{88FE7B3C-96F3-42B3-92BE-17640C0180DA}\C4574716 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun-x64: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Lenovo\PlayMovie\PMVService.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ghost\AppData\Roaming\Mozilla\Firefox\Profiles\3ogqljg1.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109928 ... 1885671&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109928&tt=100512_3_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78790f23000000000000f0def1885671
FF - user.js: extensions.BabylonToolbar_i.hardId - 78790f23000000000000f0def1885671
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15474
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:42:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2012/05/13 20:49:28];C:\Program Files (x86)\Lenovo\PlayMovie\000.fcl [2012-5-13 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-7 654408]
R2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-9-30 311296]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2012-5-13 69568]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-13 2655768]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 257696]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-15 38152]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2012-5-13 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2012-5-13 575304]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys --> C:\windows\system32\DRIVERS\ssadserd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-06-08 04:01:18 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CEB8208-15A0-46D4-BB1E-DDDFEC644472}\offreg.dll
2012-06-08 02:46:47 -------- d-----w- C:\Program Files\CCleaner
2012-06-08 02:17:59 -------- d-----w- C:\Users\ghost\AppData\Roaming\dclogs
2012-06-08 01:35:58 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CEB8208-15A0-46D4-BB1E-DDDFEC644472}\mpengine.dll
2012-06-08 01:34:34 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-08 01:34:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-08 01:25:25 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 18:17:38 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-05 18:17:15 772552 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-06-05 18:17:15 687560 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-03 22:37:55 500552 ----a-w- C:\windows\System32\EasyRedirect64.dll
2012-06-03 22:37:55 360264 ----a-w- C:\windows\SysWow64\EasyRedirect.dll
2012-06-03 20:29:02 660480 ----a-w- C:\Users\ghost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.exe
2012-06-03 20:28:26 -------- d-----w- C:\Users\ghost\AppData\Roaming\C__Users_ghost_Documents_Vuze Downloads_SuperHideIP-3.2.1.6_Crack.exe
2012-06-03 20:28:26 -------- d-----w- C:\ProgramData\C__Users_ghost_Documents_Vuze Downloads_SuperHideIP-3.2.1.6_Crack.exe
2012-06-03 19:07:19 -------- d-----w- C:\Users\ghost\AppData\Roaming\Malwarebytes
2012-06-03 19:06:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-27 17:34:22 -------- d-----w- C:\Users\ghost\AppData\Local\Diagnostics
2012-05-21 18:41:12 -------- d-----w- C:\Users\ghost\AppData\Local\Apple Computer
2012-05-21 18:40:31 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-05-21 18:40:31 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-05-21 18:40:31 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-05-21 18:39:43 -------- d-----w- C:\Program Files\iPod
2012-05-21 18:39:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-21 18:39:42 -------- d-----w- C:\Program Files\iTunes
2012-05-21 18:39:42 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-21 18:39:08 -------- d-----w- C:\Users\ghost\AppData\Local\Apple
2012-05-21 18:38:42 -------- d-----w- C:\Program Files\Bonjour
2012-05-21 18:38:42 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-18 16:37:37 708168 ----a-w- C:\windows\System32\WinUSBCoInstaller.dll
2012-05-18 16:37:37 157160 ----a-w- C:\windows\System32\drivers\ssadbus.sys
2012-05-18 16:37:37 15360 ----a-w- C:\windows\System32\drivers\pneteth.sys
2012-05-18 16:37:37 1490656 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll
2012-05-18 16:37:37 13800 ----a-w- C:\windows\System32\drivers\ssadwhnt.sys
2012-05-18 16:37:37 13800 ----a-w- C:\windows\System32\drivers\ssadwh.sys
2012-05-18 16:37:36 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2012-05-18 12:15:55 -------- d-----w- C:\Users\ghost\AppData\Local\Adobe
2012-05-18 12:10:03 446258 ----a-w- C:\windows\AutoKMS.exe
2012-05-18 12:07:05 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-18 12:06:44 -------- d-----w- C:\windows\PCHEALTH
2012-05-18 12:06:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-18 12:05:07 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-18 12:04:26 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-05-18 12:04:09 -------- d-----w- C:\Users\ghost\AppData\Local\Microsoft Help
2012-05-17 15:30:24 295936 ----a-w- C:\windows\SysWow64\appmgr.dll
2012-05-17 15:30:24 -------- d-----w- C:\windows\SysWow64\GPBAK
2012-05-17 14:59:36 369152 ----a-w- C:\windows\System32\hpbrprtmon.dll
2012-05-17 14:59:36 207872 ----a-w- C:\windows\System32\hpbprtmon.dll
2012-05-17 14:59:36 167424 ----a-w- C:\windows\System32\hpbprtmonui.dll
2012-05-17 14:59:33 1654784 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpbfpp1101.dll
2012-05-17 14:58:20 -------- d-----w- C:\ePrint Mobil
2012-05-17 14:58:02 750440 ------w- C:\windows\System32\HPDiscoPM8e11.dll
2012-05-17 14:57:49 -------- d-----w- C:\Program Files (x86)\HP
2012-05-17 14:57:47 -------- d-----w- C:\Program Files\HP
2012-05-17 14:57:39 -------- d-----w- C:\Users\ghost\AppData\Local\HP
2012-05-17 03:08:13 -------- d-----w- C:\windows\SysWow64\sda
2012-05-17 03:07:56 9888360 ----a-w- C:\windows\SysWow64\RtsUVStoricon.dll
2012-05-17 03:07:56 307304 ----a-w- C:\windows\System32\drivers\rtsuvstor.sys
2012-05-17 03:07:56 17512 ----a-w- C:\windows\System32\drivers\diskperf64.sys
2012-05-17 02:59:01 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-17 02:59:01 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-17 02:59:01 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-17 02:59:01 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-17 02:59:01 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-05-17 02:59:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-17 02:59:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-17 00:27:07 -------- d-----w- C:\Users\ghost\AppData\Roaming\OpenCandy
2012-05-17 00:26:51 -------- d-----w- C:\Users\ghost\AppData\Roaming\DVDVideoSoftIEHelpers
2012-05-17 00:26:49 2557952 ----a-w- C:\windows\SysWow64\QtCore4.dll
2012-05-17 00:26:46 405176 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-17 00:26:40 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-05-17 00:26:40 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
2012-05-17 00:25:57 -------- d-----w- C:\Users\ghost\AppData\Roaming\DVDVideoSoft
2012-05-17 00:05:29 -------- d-----w- C:\Users\ghost\AppData\Roaming\SplitScreen
2012-05-16 15:22:58 1251944 ----a-w- C:\windows\RtlExUpd.dll
2012-05-16 15:22:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-05-14 20:34:51 -------- d-----w- C:\Users\ghost\AppData\Local\CyberLink
2012-05-14 19:38:06 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-05-14 19:38:06 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-05-14 18:54:00 -------- d-----w- C:\windows\System32\SPReview
2012-05-14 18:53:39 -------- d-----w- C:\windows\System32\EventProviders
2012-05-14 18:41:59 762880 ----a-w- C:\windows\SysWow64\azroles.dll
2012-05-14 18:40:59 978944 ----a-w- C:\windows\System32\WMSPDMOD.DLL
2012-05-14 18:12:44 2565632 ----a-w- C:\windows\System32\esent.dll
2012-05-14 18:12:44 1699328 ----a-w- C:\windows\SysWow64\esent.dll
2012-05-14 18:12:44 1659776 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-05-14 18:12:43 96768 ----a-w- C:\windows\System32\fsutil.exe
2012-05-14 18:12:43 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys
2012-05-14 18:12:43 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys
2012-05-14 18:12:43 189824 ----a-w- C:\windows\System32\drivers\storport.sys
2012-05-14 18:12:43 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys
2012-05-14 18:12:43 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys
2012-05-14 18:12:43 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys
2012-05-14 18:12:42 74240 ----a-w- C:\windows\SysWow64\fsutil.exe
2012-05-14 18:11:36 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2012-05-14 18:11:36 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2012-05-14 18:11:35 98816 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2012-05-14 18:11:35 7936 ----a-w- C:\windows\System32\drivers\usbd.sys
2012-05-14 18:11:35 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2012-05-14 18:11:35 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2012-05-14 18:11:35 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2012-05-14 18:11:32 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2012-05-14 18:11:32 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-05-14 18:11:32 229376 ----a-w- C:\windows\System32\fsquirt.exe
2012-05-14 04:39:36 57952 ----a-w- C:\windows\System32\drivers\fbfmon.sys
2012-05-14 04:39:36 44896 ----a-w- C:\windows\System32\FbDefrag.exe
2012-05-14 04:39:36 23120 ----a-w- C:\windows\System32\drivers\BootVid.dll
2012-05-14 04:39:36 15968 ----a-w- C:\windows\System32\NFbfmon.dll
2012-05-14 04:39:36 13408 ----a-w- C:\windows\System32\drivers\BPntDrv.sys
2012-05-14 04:32:53 -------- d-----w- C:\Users\ghost\AppData\Roaming\Lenovo
2012-05-14 03:59:25 -------- d-----w- C:\Program Files\Intel Corporation
2012-05-14 03:57:55 468480 ----a-w- C:\windows\System32\deployJava1.dll
2012-05-14 03:54:36 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-14 03:54:08 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-14 03:40:43 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-14 03:32:35 -------- d-----w- C:\windows\SysWow64\Wat
2012-05-14 03:32:34 -------- d-----w- C:\windows\System32\Wat
2012-05-14 03:31:27 902656 ----a-w- C:\windows\System32\d2d1.dll
2012-05-14 03:31:27 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2012-05-14 03:31:27 1139200 ----a-w- C:\windows\System32\FntCache.dll
2012-05-14 03:15:31 -------- d-----w- C:\Users\ghost\.swt
2012-05-14 03:15:30 -------- d-----w- C:\Users\ghost\AppData\Roaming\Azureus
2012-05-14 03:14:20 -------- d-----w- C:\Program Files (x86)\Vuze
2012-05-14 03:04:08 -------- d-----w- C:\windows\SysWow64\Adobe
2012-05-14 03:02:59 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 03:02:59 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 02:42:10 -------- d-----w- C:\Program Files (x86)\Essentials Codec Pack
2012-05-14 02:41:51 -------- d-----w- C:\Users\ghost\AppData\Local\Babylon
2012-05-14 02:41:49 -------- d-----w- C:\Users\ghost\AppData\Roaming\Babylon
2012-05-14 02:41:49 -------- d-----w- C:\ProgramData\Babylon
2012-05-14 02:26:29 -------- d-----w- C:\Program Files (x86)\RocketDock
2012-05-14 02:16:35 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-05-14 02:16:35 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-05-14 02:16:35 5120 ----a-w- C:\windows\System32\wmi.dll
2012-05-14 02:16:35 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-05-14 02:16:35 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-05-14 02:16:35 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-05-14 02:16:35 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-05-14 02:09:08 961024 ----a-w- C:\windows\System32\CPFilters.dll
2012-05-14 02:09:07 850944 ----a-w- C:\windows\SysWow64\sbe.dll
2012-05-14 02:09:07 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2012-05-14 02:09:07 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2012-05-14 02:09:07 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2012-05-14 02:09:07 1118720 ----a-w- C:\windows\System32\sbe.dll
2012-05-14 02:07:59 212992 ----a-w- C:\windows\System32\odbctrac.dll
2012-05-14 02:06:44 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-05-14 02:03:49 421888 ----a-w- C:\windows\System32\KernelBase.dll
2012-05-14 02:02:42 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-05-14 02:02:42 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-05-14 02:00:08 -------- d-----w- C:\Program Files\Common Files\Intel
2012-05-14 02:00:07 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-05-14 01:57:50 -------- d-----w- C:\Program Files\Synaptics
2012-05-14 01:57:33 -------- d-----w- C:\Drivers
2012-05-14 01:43:22 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E569D58A-9F92-4299-9005-FE498005F6A0}\gapaengine.dll
2012-05-14 01:42:43 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-14 01:36:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-14 01:36:05 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-14 01:23:57 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-05-14 01:23:55 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-05-14 01:23:55 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-05-14 01:23:55 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-05-14 01:23:54 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-05-14 01:22:46 -------- d-----w- C:\Users\ghost\AppData\Local\PlayMovie
2012-05-13 20:50:36 -------- d-----w- C:\windows\sysprep32
2012-05-13 20:47:50 79376 ----a-w- C:\windows\System32\drivers\WDBridge.sys
2012-05-13 20:47:50 22344 ----a-w- C:\windows\System32\WDMirror.dll
2012-05-13 20:47:50 11280 ----a-w- C:\windows\System32\drivers\WDMirror.sys
2012-05-13 20:47:48 16648 ----a-r- C:\windows\SysWow64\LogAPI.dll
2012-05-13 20:47:02 509224 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-13 20:47:02 353576 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-05-13 20:47:02 1066280 ----a-w- C:\windows\SysWow64\mfc71.dll
2012-05-13 20:46:53 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-13 20:46:53 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-13 20:46:53 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-13 20:46:53 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-13 20:46:53 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-13 20:46:26 -------- d-----w- C:\ProgramData\Lenovo
2012-05-13 20:45:15 39008 ----a-w- C:\windows\System32\drivers\LhdX64.sys
2012-05-13 20:45:13 28176 ----a-w- C:\windows\System32\drivers\AcpiVpc.sys
2012-05-13 20:43:35 279968 ----a-w- C:\windows\System32\LenovoSdk.OKTDLL.dll
2012-05-13 20:35:55 -------- d-----w- C:\Program Files\Desktop
2012-05-13 20:35:54 136704 ----a-w- C:\windows\System32\LenovoRecycleIcon.dll
2012-05-13 20:35:51 -------- d-----w- C:\Temp
2012-05-13 20:35:51 -------- d-----w- C:\Program Files\Lenovo
2012-05-13 20:34:52 8192 ----a-w- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
2012-05-13 20:34:52 8192 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll
2012-05-13 20:34:49 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-05-13 20:30:46 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-05-13 20:30:41 -------- d-sh--w- C:\windows\Installer
2012-05-13 20:28:20 -------- d-----w- C:\Intel
2012-05-13 20:28:19 438808 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-05-13 20:26:49 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2012-05-13 20:26:06 488 ----a-w- C:\windows\s.bat
.
==================== Find3M ====================
.
2012-05-14 19:11:24 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-05-14 19:11:24 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-03-21 00:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 00:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-03-20 03:44:20 5888792 ----a-w- C:\windows\System32\GfxUI.exe
2012-03-20 03:44:20 509720 ----a-w- C:\windows\System32\igfxsrvc.exe
2012-03-20 03:44:20 439064 ----a-w- C:\windows\System32\igfxpers.exe
2012-03-20 03:44:20 398616 ----a-w- C:\windows\System32\hkcmd.exe
2012-03-20 03:44:20 276248 ----a-w- C:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-20 03:44:20 250136 ----a-w- C:\windows\System32\igfxext.exe
2012-03-20 03:44:20 184600 ----a-w- C:\windows\System32\difx64.exe
2012-03-20 03:44:20 170264 ----a-w- C:\windows\System32\igfxtray.exe
2012-03-20 03:42:08 90112 ----a-w- C:\windows\System32\igfxCoIn_v2696.dll
2012-03-20 03:32:04 14745600 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2012-03-20 03:31:56 8087040 ----a-w- C:\windows\System32\igdumd64.dll
2012-03-20 03:31:16 963912 ----a-w- C:\windows\SysWow64\igkrng600.bin
2012-03-20 03:31:16 963912 ----a-w- C:\windows\System32\igkrng600.bin
2012-03-20 03:31:16 261208 ----a-w- C:\windows\SysWow64\igfcg600m.bin
2012-03-20 03:31:16 261208 ----a-w- C:\windows\System32\igfcg600m.bin
2012-03-20 03:31:14 79360 ----a-w- C:\windows\System32\igdde64.dll
2012-03-20 03:26:56 6120960 ----a-w- C:\windows\SysWow64\igdumd32.dll
2012-03-20 03:25:58 58880 ----a-w- C:\windows\SysWow64\igdde32.dll
2012-03-20 03:22:10 9605632 ----a-w- C:\windows\System32\igd10umd64.dll
2012-03-20 03:11:38 7795200 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2012-03-20 02:31:14 18137088 ----a-w- C:\windows\System32\ig4icd64.dll
2012-03-20 02:21:14 13212672 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2012-03-20 02:17:56 28672 ----a-w- C:\windows\System32\igfxexps.dll
2012-03-20 02:17:46 63488 ----a-w- C:\windows\System32\igfxsrvc.dll
2012-03-20 02:17:22 110592 ----a-w- C:\windows\System32\hccutils.dll
2012-03-20 02:17:14 9216 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2012-03-20 02:17:14 434688 ----a-w- C:\windows\System32\igfxdev.dll
2012-03-20 02:17:14 172032 ----a-w- C:\windows\System32\gfxSrvc.dll
2012-03-20 02:16:40 286208 ----a-w- C:\windows\System32\igfxrenu.lrc
2012-03-20 02:16:38 142336 ----a-w- C:\windows\System32\igfxdo.dll
2012-03-20 02:16:36 9007616 ----a-w- C:\windows\System32\igfxress.dll
2012-03-20 02:12:06 25088 ----a-w- C:\windows\SysWow64\igfxexps32.dll
2012-03-20 02:11:22 325120 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2012-03-20 02:09:08 524800 ----a-w- C:\windows\System32\iglhsip64.dll
2012-03-20 02:09:08 519680 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2012-03-20 02:09:08 2967040 ----a-w- C:\windows\System32\igfxcmjit64.dll
2012-03-20 02:09:08 237056 ----a-w- C:\windows\SysWow64\igfxcmrt32.dll
2012-03-20 02:09:08 2321408 ----a-w- C:\windows\SysWow64\igfxcmjit32.dll
2012-03-20 02:09:08 213504 ----a-w- C:\windows\System32\iglhcp64.dll
2012-03-20 02:09:08 193024 ----a-w- C:\windows\System32\igfxcmrt64.dll
2012-03-20 02:09:08 177152 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2012-03-17 07:58:57 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
.
============= FINISH: 1:35:05.27 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/13/2012 9:21:29 PM
System Uptime: 6/7/2012 11:59:29 PM (2 hours ago)
.
Motherboard: LENOVO | | Emerald Lake
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 655 GiB total, 603.782 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.566 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 6/1/2012 1:47:12 AM - Windows Update
RP29: 6/4/2012 3:04:18 PM - Windows Update
RP30: 6/5/2012 10:01:40 AM - Windows Update
RP31: 6/5/2012 2:16:36 PM - Installed Java(TM) 7 Update 4
RP32: 6/5/2012 2:17:18 PM - Installed JavaFX 2.1.0
RP33: 6/7/2012 9:23:00 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
AviSynth 2.5
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Management
ffdshow [rev 2583] [2009-01-05]
Free Video to MP3 Converter version 5.0.11.508
Free YouTube to MP3 Converter version 3.11.22.508
Haali Media Splitter
HP ePrint Mobile
HP Photosmart Plus B210 series Help
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java(TM) 7 Update 4
JMicron Flash Media Controller Driver
Lenovo DirectShare
Lenovo Games Console
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo SlideNav
Lenovo SplitScreen
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Onekey Theater
Play Movie
Power2Go
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
Sothink Movie DVD Maker
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Essentials Media Codec Pack 4.0 [64-Bit]
.
==== Event Viewer Messages From Past Week ========
.
6/8/2012 12:01:58 AM, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.
6/7/2012 9:26:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user ghost-PC\Guest SID (S-1-5-21-3892480797-2785981906-2625351531-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/7/2012 9:25:25 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1325.0;1.127.1325.0 Engine version: 1.1.8403.0
6/5/2012 2:01:07 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
6/1/2012 8:07:02 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
6/1/2012 8:04:06 AM, Error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {97E16A85-115E-4F2D-A7F9-E6812190F764} Scan Type: Antimalware Scan Parameters: Custom Scan User: ghost-PC\ghost Error Code: 0x80508023 Error description: The program could not find the malware and other potentially unwanted software on this computer.
6/1/2012 8:03:47 AM, Error: Microsoft Antimalware [1005] - Microsoft Antimalware scan has encountered an error and terminated. Scan ID: {7889F855-3A45-439A-A726-6614B032DB21} Scan Type: Antimalware Scan Parameters: Custom Scan User: ghost-PC\ghost Error Code: 0x80508023 Error description: The program could not find the malware and other potentially unwanted software on this computer.
.
==== End Of File ===========================
linerider69
Active Member
 
Posts: 4
Joined: June 7th, 2012, 10:53 pm

Re: Virus removal

Unread postby pgmigg » June 8th, 2012, 2:09 pm

Hello linerider69,

Thank you for the logs - I am currently reviewing them and will return, as soon as possible, with additional instructions. In the meantime...

Please tell me, is this computer used for business purposes or connected to any business or educational networks?
I need to know this so I can provide the proper instructions.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Virus removal

Unread postby linerider69 » June 8th, 2012, 9:03 pm

Sorry it took me so long to reply. No, it is not connected to any educational networks, just used for personal use and a lot for my kids' school work, and my brother is on it sometimes. I have not had a virus since I downloaded Microsoft Security Essentials 3 years ago. I had some other problems with the computer earlier and decided I would just pull the hard drive and format it and start all over. I thank you for your help. I do respect the work you all do on this site and think you all are doing an amazing job. Thank you for your patience and knowledge. Sincerely, Thomas Rodriguez
linerider69
Active Member
 
Posts: 4
Joined: June 7th, 2012, 10:53 pm

Re: Virus removal

Unread postby pgmigg » June 9th, 2012, 1:16 pm

You are welcome Thomas! :)

If you would like to reformat/reinstall, I recommend the following:

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Please read the following:

Please don't hesitate to ask any questions related to this action. I will be happy to help you...

Please click HERE to find a short guide to staying safer online.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Virus removal

Unread postby linerider69 » June 9th, 2012, 7:46 pm

Thank you. Yes, all I backed up was my photos and music I had copied from discs, then formatted my HD with a kit I had bought at CompUSA that attaches to my other computer, so I think I am safe. Thanks again.
linerider69
Active Member
 
Posts: 4
Joined: June 7th, 2012, 10:53 pm

Re: Virus removal

Unread postby NonSuch » June 13th, 2012, 12:59 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California