Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

ReDirect Virus

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
MrBlondeOPS
Newbie


Joined: 05 Apr 2012
Last Visit: 06 Apr 2012
Posts: 2

PostPosted: Thu Apr 05, 2012 1:40 pm    Post subject: ReDirect Virus Reply with quote

Hi, I just registered to your forums because I am doing anything to find help to remove the virus I have on my computer. I definitely know that I have a redirect virus because every time I click a link on Google, it redirects me to some random website. When I first noticed this problem, I was always redirected to this Happili.com website, but now it goes to many different websites.

Here is my DDS attachment. Please tell me if I didn't attach them correctly. Also if I need to do something else let me know.

Quote:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by MrBlonde at 16:27:16 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3884.2077 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\MrBlonde\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\MrBlonde\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\MrBlonde\Downloads\hijackthis-s32-downloader.exe
C:\Users\MrBlonde\AppData\Local\Temp\asc5-setup-s3.exe
C:\Users\MrBlonde\AppData\Local\Temp\is-T8FPN.tmp\asc5-setup-s3.tmp
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Wizard.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={F2EDB629-5925-4B02-BF47-BF2FC5BA674C}&mid=a53bea0b276f47d68fa7f1867692918a-2e92c956c95185db973f66a1c30dd242aa949b2f&lang=en&ds=ft011&pr=sa&d=2012-04-05 15:42:05&v=10.2.0.3&sap=hp
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {2b2505fa-fd68-0144-9128-cd617bdca8c2} - C:\Program Files (x86)\SocialRibbons LP2\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120217174013.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: SocialRibbons LP2: {ae92e5de-20f7-9934-d515-7be13880a842} - C:\Program Files (x86)\SocialRibbons LP2\Toolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Akamai NetSession Interface] "C:\Users\MrBlonde\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752}\16C62796368616D275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752}\2375942554736363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752}\37861677E6379737D223E243 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752}\6696562736562656162746 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0883A993-9741-4EFD-9FCB-4A1F866B8752}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
AppInit_DLLs: c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120217174013.dll
BHO-X64: scriptproxy - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: SocialRibbons LP2: {AE92E5DE-20F7-9934-D515-7BE13880A842} - C:\Program Files (x86)\SocialRibbons LP2\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64: c:\windows\syswow64\nvinit.dll, C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MrBlonde\AppData\Roaming\Mozilla\Firefox\Profiles\n45acsvx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2878731&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bb7ad8a29-6bdb-446c-b45f-e3310342db83%7D&mid=a53bea0b276f47d68fa7f1867692918a-2e92c956c95185db973f66a1c30dd242aa949b2f&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-05%2015%3A42%3A05
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb7ad8a29-6bdb-446c-b45f-e3310342db83%7D&mid=a53bea0b276f47d68fa7f1867692918a-2e92c956c95185db973f66a1c30dd242aa949b2f&ds=ft011&v=10.2.0.3&lang=en&pr=sa&d=2012-04-05%2015%3A42%3A05&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\avgidseha.sys --> C:\Windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-04-05 20:55:05 388096 ----a-r- C:\Users\MrBlonde\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-05 20:55:00 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-05 20:42:09 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-04-05 20:42:04 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-04-05 20:42:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-04-04 19:22:22 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-04-04 19:22:21 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-04-04 19:22:18 331368 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-04-04 19:22:18 136168 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-04-04 19:22:06 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-04-04 19:21:42 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-04-04 19:21:17 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-04 19:21:16 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\PC Tools
2012-04-04 19:21:16 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-04-04 04:33:10 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-03 06:00:47 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\SUPERAntiSpyware.com
2012-04-03 05:59:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-03 05:59:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-03 05:34:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-03 04:27:34 110080 ----a-r- C:\Users\MrBlonde\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-04-03 04:27:34 110080 ----a-r- C:\Users\MrBlonde\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-04-03 04:27:34 110080 ----a-r- C:\Users\MrBlonde\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-04-03 04:27:33 -------- d-----w- C:\sh4ldr
2012-04-03 04:27:33 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-03 04:26:07 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-02 21:51:18 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\Nucuy
2012-04-02 21:51:18 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\Adihog
2012-04-02 21:51:15 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\Directory
2012-03-30 02:59:01 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-14 19:22:05 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 19:22:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 19:22:03 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:05:26 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:05:25 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:05:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:05:02 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:05:02 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:05:02 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:05:00 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:04:58 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:04:57 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:04:57 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-09 21:26:49 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2012-03-08 04:11:30 -------- d-----w- C:\ProgramData\SplitMediaLabs
2012-03-08 04:10:17 -------- d-----w- C:\Users\MrBlonde\AppData\Roaming\SplitMediaLabs
.
==================== Find3M ====================
.
2012-03-30 02:59:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 11:25:50 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-02-22 11:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-04 22:52:31 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-31 10:46:48 36944 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-01-19 15:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
.
============= FINISH: 16:29:47.94 ===============


I also have the "attach" notepad file if needed.
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Apr 2014
Posts: 4559
Location: Land Of The Leprechauns

PostPosted: Fri Apr 06, 2012 9:02 am    Post subject: Reply with quote

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start

Quote:
I also have the "attach" notepad file if needed.

Please copy/paste the attach.txt log in your next reply.
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
MrBlondeOPS
Newbie


Joined: 05 Apr 2012
Last Visit: 06 Apr 2012
Posts: 2

PostPosted: Fri Apr 06, 2012 11:13 am    Post subject: Reply with quote

Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/19/2011 4:14:52 AM
System Uptime: 4/5/2012 3:44:11 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U35JC
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | Socket 989 | 1583/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 33.971 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 329.678 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP214: 11/16/2010 1:32:00 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP215: 11/16/2010 1:41:32 AM - Removed HiJackThis
RP216: 11/16/2010 3:33:44 AM - Installed AVG 2012
RP217: 11/16/2010 3:34:16 AM - Installed AVG 2012
RP218: 4/5/2012 3:51:55 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Active@ ISO Burner
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Media Player
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Advanced SystemCare 5
Akamai NetSession Interface
Akamai NetSession Interface Service
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
Asus Screensaver
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ATK Package
AVG Security Toolbar
Boingo Wi-Fi
Choice Guard
Citrix online plug-in (Web)
CMN3 4.0
ControlDeck
Counter-Strike: Source
CyberLink LabelPrint
CyberLink Power2Go
Day of Defeat: Source
Default Tab
eReg
ESET Online Scanner v3
Express Gate
Fraps
Google Chrome
Google Update Helper
HiJackThis
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29
LabSim
Left 4 Dead 2
LG USB Modem driver
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee AntiVirus Plus
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT Redists
MSXML 4.0 SP3 Parser (KB973685)
Mumble 1.2.3
MyScribe
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Updatus
Origin
PAYDAY: The Heist
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.5
SocialRibbons LP2
Spyware Doctor 8.0
Steam
syncables desktop SE
System Requirements Lab
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
WinFlash
Wireless Console 3
XSplit
.
==== Event Viewer Messages From Past Week ========
.
4/5/2012 3:54:48 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/5/2012 3:47:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
4/5/2012 3:47:29 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2012 3:45:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
4/5/2012 3:44:49 PM, Error: nvlddmkm [14] -
4/5/2012 3:43:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 3:29:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/5/2012 2:47:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
4/5/2012 2:45:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
4/5/2012 2:44:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/5/2012 2:41:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2012 2:41:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/5/2012 2:41:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/5/2012 2:41:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/5/2012 2:41:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/5/2012 2:41:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 cdrom discache SASDIFSV SASKUTIL spldr sptd Wanarpv6
4/5/2012 2:40:22 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
4/4/2012 12:19:08 AM, Error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
4/4/2012 12:12:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom is3srv
4/4/2012 12:12:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800043787da, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040412-28017-01.
4/3/2012 11:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
4/3/2012 11:48:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
4/3/2012 11:48:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache is3srv spldr sptd Wanarpv6
4/3/2012 11:48:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800040a632f, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040312-37081-01.
4/2/2012 9:23:19 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
4/2/2012 11:27:53 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Apr 2014
Posts: 4559
Location: Land Of The Leprechauns

PostPosted: Sat Apr 07, 2012 2:59 am    Post subject: Reply with quote

Hi MrBlondeOPS,

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Quote:
Advanced SystemCare 5
AVG Anti-Virus Free Edition
Java(TM) 6 Update 29
Spyware Doctor

Next.

Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select " Run as administrator " to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • TDSSKiller log.
  • OTL.txt and Extra.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 24 Apr 2014
Posts: 4559
Location: Land Of The Leprechauns

PostPosted: Tue Apr 10, 2012 7:35 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group