Crucible

I poked around the forums and tried combofix.exe. However, the problem persists. Any help would be greatly appreciated.

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/25/2011 2:56:11 PM
System Uptime: 12/16/2011 8:51:28 PM (1 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Phenom II X4 945 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 776.873 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP181: 12/11/2011 7:00:11 PM - Windows Backup
RP182: 12/11/2011 10:13:31 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP183: 12/11/2011 10:26:56 PM - StopZILLA! Restore Point.
RP184: 12/11/2011 11:07:06 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP185: 12/11/2011 11:10:56 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP186: 12/11/2011 11:14:11 PM - Removed Zinio Reader 4
RP187: 12/11/2011 11:14:40 PM - Removed PressReader.
RP188: 12/11/2011 11:26:09 PM - HPSF Restore Point
RP189: 12/11/2011 11:27:59 PM - HPSF Restore Point
RP190: 12/12/2011 11:45:27 PM - PreToR Release
RP191: 12/13/2011 6:46:53 AM - Installed Ventrilo Client for Windows x64
RP192: 12/14/2011 8:21:55 PM - Windows Update
RP193: 12/14/2011 8:32:28 PM - Windows Update
RP194: 12/14/2011 9:57:01 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Amazon MP3 Downloader 1.0.15
Apple Application Support
Apple Software Update
Avira Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center InstallProxy
Chuzzle Deluxe
CinemaNow Media Manager
Command & Conquer™ Red Alert™ 3
CyberLink DVD Suite Deluxe
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
Java Auto Updater
Java 6 Update 26
Java 6 Update 3
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Pure Networks Platform
QuickTime
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Roxio CinemaNow 2.0
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Spybot - Search & Destroy
Star Trek Online
Star Wars: The Old Republic
StarCraft II
Steam
TomTom HOME 2.8.1.2218
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Families
Virtual Villagers - The Secret City
WebEx Support Manager for Internet Explorer
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/16/2011 9:52:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
12/16/2011 9:52:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:54:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/16/2011 8:52:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/16/2011 8:52:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2011 8:52:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/16/2011 8:52:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2011 8:52:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/16/2011 8:52:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 8:51:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2011 3:27:04 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
12/13/2011 12:55:03 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{12564F16-9935-40B4-8ABF-DA9826DAEDE7}' was corrupted and it has been recovered. Some data might have been lost.
12/13/2011 12:54:25 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{96650687-7A06-4590-BD49-B546B73119FD}' was corrupted and it has been recovered. Some data might have been lost.
12/13/2011 12:53:35 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1A33F2E0-8128-4227-9732-C90DBCD33B45}' was corrupted and it has been recovered. Some data might have been lost.
12/13/2011 12:52:58 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6DCF5D66-6AE4-410A-BF5D-8D263A131383}' was corrupted and it has been recovered. Some data might have been lost.
12/13/2011 12:52:07 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C44C125A-96E0-4D02-9D66-4BAB84B6D14E}' was corrupted and it has been recovered. Some data might have been lost.
12/13/2011 12:51:29 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ea543124-b7a1-11df-b118-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{98BE4FCD-8F1B-48F4-B2FF-B73FBF4E6D82}' was corrupted and it has been recovered. Some data might have been lost.
12/12/2011 12:56:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ebeab5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\Minidump\121211-33805-01.dmp. Report Id: 121211-33805-01.
12/11/2011 7:49:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/11/2011 6:06:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eb4f6b, 0x0000000000000000, 0x000000007ef90000). A dump was saved in: C:\Windows\Minidump\121111-25708-01.dmp. Report Id: 121111-25708-01.
12/11/2011 12:14:21 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
12/11/2011 12:14:21 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
12/11/2011 11:04:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
12/11/2011 10:31:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/11/2011 10:29:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache is3srv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/11/2011 10:29:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002eaef6b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\Minidump\121111-28298-01.dmp. Report Id: 121111-28298-01.
12/10/2011 12:06:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Blasiman at 21:52:26 on 2011-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6999 [GMT -5:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS -netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\conhost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cnn.com/
mWinlogon: Userinit=userinit.exe,
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5D43E61D-20E4-49C6-A4A4-E512498A483C} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A599950E-6CFB-44DD-94FF-077611F3D490} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Blasiman\AppData\Roaming\Mozilla\Firefox\Profiles\5kyk68yy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://digg.com/news
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Blasiman\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-10 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-10 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-11 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-31 2253120]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-25 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SSMO3v2Filter;MMO3v2 Mouse;C:\Windows\system32\drivers\MO3v2Driver.sys --> C:\Windows\system32\drivers\MO3v2Driver.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-9-3 635416]
S4 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-7-6 14088]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-3-9 92592]
.
=============== Created Last 30 ================
.
2011-12-17 01:54:01 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B5851DA-4B5A-43AC-B7D8-9DF21D2DF371}\offreg.dll
2011-12-16 19:58:26 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B5851DA-4B5A-43AC-B7D8-9DF21D2DF371}\mpengine.dll
2011-12-15 01:28:49 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 01:28:48 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 01:28:46 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 01:28:46 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 01:28:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 01:28:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-13 21:37:13 -------- d-sh--w- C:\Windows\SysWow64\%USERPROFILE%
2011-12-13 20:49:07 -------- d-----w- C:\Users\Blasiman\AppData\Local\SWTOR
2011-12-12 19:27:55 -------- d-----w- C:\ProgramData\Recovery
2011-12-12 04:15:03 -------- d-----w- C:\Users\Blasiman\AppData\Roaming\NewspaperDirect
2011-12-12 03:19:07 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-12 03:15:49 -------- d-----w- C:\Users\Blasiman\AppData\Local\Soft32
2011-12-11 03:05:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-10 06:49:04 -------- d-----w- C:\Program Files\Ventrilo
2011-12-10 06:48:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-12-10 05:47:39 -------- d--h--w- C:\Users\Blasiman\AppData\Roaming\Avira
2011-12-10 05:44:02 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-12-10 05:44:02 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2011-12-10 05:43:59 -------- d-----w- C:\ProgramData\Avira
2011-12-10 05:43:59 -------- d-----w- C:\Program Files (x86)\Avira
2011-12-10 05:36:16 20480 ----a-w- C:\Windows\svchost.exe
.
==================== Find3M ====================
.
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:52:58.90 ===============

There also appear to be about 14 instances of svchost.exe running in the background.