Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

funmoods nightmare

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

funmoods nightmare

Unread postby wildflowas » June 23rd, 2012, 8:35 am

Trying to get funmoods off my machine!

HERE IS MY DDS FILE:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Donda at 8:03:56 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3824.1240 [GMT -4:00]
.
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Users\Donda\Documents\FFOutput\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Users\Donda\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Donda\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Donda\Downloads\hijackthis setup.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\SnippingTool.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\windows\system32\notepad.exe
C:\windows\system32\taskeng.exe
C:\Users\Donda\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Users\Donda\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=axl&ch ... =749087589
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSND
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&ch ... =749087589
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {FFA0793E-3980-4BE4-8234-048FA665F700} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
uRun: [PCShowServer] "C:\Users\Donda\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9847B419-6792-48AA-8EC3-F49DFB4CBCE8} : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\24F44545C44434146594 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\34869636B6D26696C6D2140275966496 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\37F6E696367716C6C6D223E6460264C6F6F627 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\44F4E44414 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\44F4E44414D494E4940534F5E4564777F627B6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\8656C656E616D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B8378AD-5C15-4228-9958-110002F8226E}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {FFA0793E-3980-4BE4-8234-048FA665F700} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Donda\AppData\Roaming\Mozilla\Firefox\Profiles\fbsfnbrs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Donda\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\Donda\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Donda\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Donda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Donda\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Donda\AppData\Roaming\Mozilla\Firefox\Profiles\fbsfnbrs.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Donda\AppData\Roaming\Mozilla\Firefox\Profiles\fbsfnbrs.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Donda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Donda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&ch ... =749087589
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&ch ... =749087589
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 369eac3e00000000000064d4da1981fc
FF - user.js: extensions.funmoods.instlDay - 15511
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:53:15
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2010-7-20 16384]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-4-5 77216]
R2 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-21 1153368]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys --> C:\windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
R4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-19 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-19 135664]
.
=============== Created Last 30 ================
.
2012-06-23 11:59:55 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{3FAF50DC-BEA5-45C5-8C7B-6CBE826E224B}\mpengine.dll
2012-06-23 11:55:22 -------- d-----w- C:\Users\Donda\AppData\Local\{AB7E08E7-2645-4571-A5A9-90EFD6A73440}
2012-06-23 00:07:12 388096 ----a-r- C:\Users\Donda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-23 00:07:11 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-22 22:46:51 -------- d-----w- C:\Users\Donda\AppData\Local\{F00F9A4E-D71D-4141-9CD2-0E2D5F64ABA2}
2012-06-22 22:46:27 -------- d-----w- C:\Users\Donda\AppData\Local\{E381FD2A-54B7-4E15-8150-0D26BB05535C}
2012-06-22 01:26:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-22 01:26:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-22 00:29:18 -------- d-----w- C:\Users\Donda\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 00:28:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-22 00:28:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-22 00:27:02 63080 ----a-r- C:\Users\Donda\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-06-22 00:26:59 -------- d-----w- C:\Users\Donda\AppData\Local\DIRECTV Player
2012-06-21 22:33:31 -------- d-----w- C:\Program Files\CCleaner
2012-06-21 21:59:51 -------- d-----w- C:\Users\Donda\AppData\Local\{B26D134C-2DB1-493A-A259-333FF8B36DE3}
2012-06-21 21:59:40 -------- d-----w- C:\Users\Donda\AppData\Local\{C85D8514-390D-4154-AB37-AB7A5B75CF8B}
2012-06-21 21:11:47 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-21 21:11:30 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-21 21:10:55 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-21 21:10:55 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-21 09:59:12 -------- d-----w- C:\Users\Donda\AppData\Local\{E8F198EB-B6C3-435C-9893-2C5C4A5828AE}
2012-06-21 09:59:00 -------- d-----w- C:\Users\Donda\AppData\Local\{C98AD4B0-4E55-4E18-9CC4-B2885BEAE0DB}
2012-06-20 21:57:51 -------- d-----w- C:\Users\Donda\AppData\Local\{1B5178E0-E0BD-4CF4-8A58-CA82A61FC8A9}
2012-06-20 21:57:32 -------- d-----w- C:\Users\Donda\AppData\Local\{5348603E-EB6A-437F-948C-0FCF05293143}
2012-06-19 22:29:53 -------- d-----w- C:\Users\Donda\AppData\Local\{14999702-9F9F-441A-A145-8EF27312B925}
2012-06-19 22:29:33 -------- d-----w- C:\Users\Donda\AppData\Local\{4F10B7EF-5EBD-4734-BFF7-ACF7CE716961}
2012-06-19 00:23:40 -------- d-----w- C:\Users\Donda\AppData\Local\{C8B9ED25-22BA-410F-8B82-8B0C935899EF}
2012-06-19 00:23:04 -------- d-----w- C:\Users\Donda\AppData\Local\{2773CC76-A8B8-41FD-A952-7906C2B16381}
2012-06-18 01:13:57 -------- d-----w- C:\Users\Donda\AppData\Local\{F770FF53-8DE4-4303-8465-1629D24433F8}
2012-06-16 23:17:22 -------- d-----w- C:\Users\Donda\AppData\Local\{2CFDFE06-8E8B-40F4-9911-4183D12C1ABE}
2012-06-15 12:44:45 -------- d-----w- C:\Users\Donda\AppData\Local\{28BA9E6B-91B6-4B69-AA57-FCCACFECEB0F}
2012-06-15 01:52:49 -------- d-----w- C:\Users\Donda\AppData\Local\{7896B21C-85EB-4DB2-A875-E239A98D2F0A}
2012-06-14 01:08:10 -------- d-----w- C:\Users\Donda\AppData\Local\{26F1B73F-7816-46E8-A18F-F0761377759B}
2012-06-13 13:17:00 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-13 13:16:59 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-13 13:16:59 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-13 13:16:47 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-13 13:16:46 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 13:16:46 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-13 13:16:38 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-13 13:16:35 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-13 13:06:42 -------- d-----w- C:\Users\Donda\AppData\Local\{97F6F9E2-A1E8-4EF5-9A0E-AC10949782CE}
2012-06-13 13:06:19 -------- d-----w- C:\Users\Donda\AppData\Local\{D7808328-3D21-4BC9-AD5D-6A3244EC5884}
2012-06-13 00:29:29 -------- d-----w- C:\Users\Donda\AppData\Local\{64248E67-637E-41CB-82BC-EDF31AF60D13}
2012-06-12 12:29:02 -------- d-----w- C:\Users\Donda\AppData\Local\{2AEBA435-FC65-4A25-8D6E-7615C0D659CF}
2012-06-11 19:11:13 -------- d-----w- C:\Users\Donda\AppData\Local\{AA54BE69-A5C3-46C2-9C46-B34FD9B3227B}
2012-06-11 19:10:41 -------- d-----w- C:\Users\Donda\AppData\Local\{710C0C0C-8ABA-4688-BA69-13C560B24A51}
2012-06-11 00:53:11 -------- d-----w- C:\Users\Donda\AppData\Local\{A6968683-2B82-45E6-8220-D9FBFCE20708}
2012-06-11 00:53:00 -------- d-----w- C:\Users\Donda\AppData\Local\{490E7131-7C75-4201-BBA4-64DB85B38324}
2012-06-10 12:57:08 -------- d-----w- C:\Users\Donda\AppData\Local\Macromedia
2012-06-10 12:56:42 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 12:56:42 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 12:51:44 -------- d-----w- C:\Users\Donda\AppData\Local\{C136CF27-BF54-40F6-983D-D1DED5C474BF}
2012-06-10 12:51:13 -------- d-----w- C:\Users\Donda\AppData\Local\{88512898-ED88-4D39-891F-C133A07AFB3A}
2012-06-09 23:55:46 -------- d-----w- C:\Users\Donda\AppData\Local\{8940D8DB-A028-4AC4-B10D-C0C1D1B3B6C7}
2012-06-09 11:36:44 -------- d-----w- C:\Users\Donda\AppData\Local\{13BA04A6-676F-46E0-89BD-3E720009BD1E}
2012-06-08 22:07:51 -------- d-----w- C:\Users\Donda\AppData\Local\{2BB909C7-25E0-4FBD-99BE-31B5D0ED378D}
2012-06-08 22:07:31 -------- d-----w- C:\Users\Donda\AppData\Local\{450F0E1A-455B-4BEE-8DBB-B051D0E59693}
2012-06-07 23:56:23 -------- d-----w- C:\Users\Donda\AppData\Local\{123568D0-36C0-4C2A-A289-4700632C714B}
2012-06-07 23:56:12 -------- d-----w- C:\Users\Donda\AppData\Local\{EB7F0C70-2D17-4897-B8F4-7B0F3A990190}
2012-06-06 22:57:02 -------- d-----w- C:\Users\Donda\AppData\Local\{9874F73E-3E8D-4160-A40F-D332C053A115}
2012-06-06 22:56:50 -------- d-----w- C:\Users\Donda\AppData\Local\{93BA7063-EC38-4C42-BFDC-802FA4D169DD}
2012-06-05 23:51:01 -------- d-----w- C:\Users\Donda\AppData\Local\{ABE94F99-1F5E-4C6D-8539-515639C80BE3}
2012-06-05 23:50:39 -------- d-----w- C:\Users\Donda\AppData\Local\{D766AE7D-8566-402E-831E-000DDB50732C}
2012-06-02 18:19:31 -------- d-----w- C:\Users\Donda\AppData\Local\{1AEF1160-6913-46C2-B504-226CFF393BAB}
2012-06-02 18:19:00 -------- d-----w- C:\Users\Donda\AppData\Local\{B49E5678-206E-44DC-A4C4-943E0BB1EB15}
2012-05-31 00:04:51 -------- d-----w- C:\Users\Donda\AppData\Local\{C156608E-933E-49F1-A193-2BCEDDFFC725}
2012-05-31 00:04:33 -------- d-----w- C:\Users\Donda\AppData\Local\{88A3535F-F8FA-44E7-8A77-A157FCE085A7}
2012-05-30 00:17:45 -------- d-----w- C:\Users\Donda\AppData\Local\{C8864667-259B-4D99-AA01-5C68A90FB34A}
2012-05-30 00:17:27 -------- d-----w- C:\Users\Donda\AppData\Local\{0DAAB0B7-9072-4C57-8D76-D4207B15E44E}
2012-05-28 18:07:38 -------- d-----w- C:\Users\Donda\AppData\Local\{664411A2-1734-48C0-90C8-58EE7C174C37}
2012-05-27 11:40:25 -------- d-----w- C:\Users\Donda\AppData\Local\{83A1AA1D-B463-4132-A36E-D8F1E044FF40}
2012-05-27 11:40:07 -------- d-----w- C:\Users\Donda\AppData\Local\{A82EDF2C-93B0-413B-8950-224408A45BF0}
2012-05-26 23:24:42 -------- d-----w- C:\Users\Donda\AppData\Local\{1E5230A4-FD66-40B1-B5E7-DA72E82E9671}
2012-05-26 11:13:49 -------- d-----w- C:\Users\Donda\AppData\Local\{8E27A85F-EA9A-4F20-BECF-9EEA994998BF}
2012-05-26 11:13:32 -------- d-----w- C:\Users\Donda\AppData\Local\{23B92019-0258-4DFA-9E9E-333A00845B6A}
2012-05-25 20:18:12 -------- d-----w- C:\Users\Donda\AppData\Local\{BC65792F-BDE8-490D-9F49-D7A6DFF9CFA6}
2012-05-25 20:17:50 -------- d-----w- C:\Users\Donda\AppData\Local\{1B6E514A-3912-46F2-A2A4-F0B386A0EB65}
.
==================== Find3M ====================
.
2012-06-10 13:48:29 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 13:48:29 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 02:06:45 87456 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2012-05-22 02:06:44 80768 ----a-w- C:\windows\System32\LMIinit.dll
2012-05-22 02:06:44 34688 ----a-w- C:\windows\System32\LMIport.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-04-04 23:42:02 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:05:21.45 ===============


HERE IS MY ATTACH FILE:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/17/2011 9:05:30 AM
System Uptime: 6/23/2012 4:46:53 AM (4 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | rBGA1288 Socket | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 320.687 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&0&02
Service: vwifimp
.
==== System Restore Points ===================
.
RP348: 6/12/2012 8:33:49 AM - Windows Update
RP349: 6/13/2012 10:58:53 PM - Windows Update
RP350: 6/17/2012 9:14:30 AM - Windows Update
RP351: 6/20/2012 5:58:57 PM - Windows Update
RP352: 6/21/2012 5:10:19 PM - Windows Update
RP353: 6/22/2012 8:06:43 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.4 Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Amazon Unbox Video
Apple Application Support
Apple Software Update
ConvertHelper 2.2
Coupon Printer for Windows
Crystal Reports Basic Runtime for Visual Studio 2008
D3DX10
DIRECTV Player
Facebook Messenger 2.1.4520.0
Facebook Video Calling 1.2.0.159
FormatFactory 2.90
FoxTab PDF Converter
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
HiJackThis
iLivid
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Math 5 Teaching Textbook
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SOSHOME309)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NEC Electronics USB 3.0 Host Controller Driver
NETGEAR Live Parental Controls Management Utility 2.1.3
NETGEAR Live Parental Controls User Utility 1.0b40
OpenDNS Updater 2.2.1
PL-2303 USB-to-Serial
QuickTime
Realtek High Definition Audio Driver
RICOH R5U230 Media Driver ver.2.10.03.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
ShopAtHome.com Toolbar
Skype™ 5.9
Spybot - Search & Destroy
Switched-On Schoolhouse 2010 - Home Edition
Switched-On Schoolhouse 2010 - Home Edition Database
Switched-On Schoolhouse 2010 - Home Edition Tutorials
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TVUPlayer 2.5.3.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/22/2012 6:50:06 PM, Error: FcsSas [10006] - Forefront Client Security State Assessment Service policy applied with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter:
6/22/2012 10:12:25 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 12.
6/22/2012 10:12:25 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/21/2012 5:55:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
6/21/2012 5:55:06 AM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/21/2012 12:57:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.
6/17/2012 9:42:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
6/16/2012 10:16:39 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
wildflowas
Active Member
 
Posts: 3
Joined: June 23rd, 2012, 8:10 am
Location: NC
Advertisement
Register to Remove

Re: funmoods nightmare

Unread postby Gary R » June 26th, 2012, 1:12 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: funmoods nightmare

Unread postby Gary R » June 26th, 2012, 1:24 am

Your choice of Anti-Virus and a few other things, would suggest that this is a business computer, can you confirm whether that is the case or not.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: funmoods nightmare

Unread postby wildflowas » June 27th, 2012, 9:15 pm

Sorry for the delay in my response. No, this is my personal computer.
wildflowas
Active Member
 
Posts: 3
Joined: June 23rd, 2012, 8:10 am
Location: NC

Re: funmoods nightmare

Unread postby wildflowas » June 27th, 2012, 9:24 pm

To further clarify, I use this computer for school - I'm an online student at well-known university. Now, I did do some work from home for my previous employer, but I own this computer, they do not and I no longer work for them. Hope that helps! Thanks!
wildflowas
Active Member
 
Posts: 3
Joined: June 23rd, 2012, 8:10 am
Location: NC

Re: funmoods nightmare

Unread postby Gary R » June 28th, 2012, 3:58 am

OK, then .....

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download SystemLook from one of the links below and save it to your Desktop.
Download links for 64 bit Windows:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *funmoods*
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *SweetIM*
    
    :folderfind
    *funmoods*
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *SweetIM*
    
    :Regfind
    funmoods
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    SweetIM
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: funmoods nightmare

Unread postby Gary R » July 1st, 2012, 1:33 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware