lajekahr

Members
  • Content count

    26
  • Joined

  • Last visited

About lajekahr

  • Rank
    New Member
  1. Okay, I do this but when I log the new standard user it doesn't ask me for credentials to reset to defaults. It just gives me dialog boxes and I hit okay. No errors. I try to go to allowed apps, but it doesn't like that address, so I tried Advanced Features, but the just pops an error that I don't have sufficient privileges. No option to move up a level. So I logged onto the new admin account. From there I checked alllowed programs and advanced features, but on both of those I don't see anything like your list, just my various browsers and a couple games...
  2. As noted in my post. The malware has already been removed. I'm trying to recover from possible after effects. If you note my post again, you'll see that there is even a link to the malware removal forum. Thanks for the suggestion truth realm I'll give that a whirl.
  3. To be specific its the same thing I got in the malware forum post: Windows Firewall is incorrectly configured. Not fixed. You are not connected to a homegroup. Not fixed.
  4. resetting everything didn't work. I've run the microsoft fixit program many times in the course of working on this problem, but I'm giving it another whirl on a hope. ... Yup, as before fixit detects there are problems, but can't figure out what they are. sigh. Thanks for the suggestions, though!
  5. Uh oh, I hope this doesn't mean I'm going to have to re-install.
  6. Cool created new topic: http://forums.malwarebytes.org/index.php?showtopic=111817 I'll run that uninstaller in just a minute.
  7. My wife's computer got a nasty bug. With the help of the malware forums, we've got the malware fully removed, but the unfortunately, it looks like something got corrupted and I can't figure out how to fix it. The malware thread is here: http://forums.malwarebytes.org/index.php?showtopic=110620&st=0 My current problems are: Can't join the homegroup: There is an active homegroup running on the network and her computer cannot even see it, let alone connect. Can't share or discover: When I go to advanced sharing settings, and click "turn on network discovery" and "share files" and hit okay. It accepts it, but when I re-open the advanced settings it shows it as still off. Can't share attached printers over the network: When I plug our printer into this comp, I can't print or share it. (I'm least worried about this problem, the printer has wi-fi so I put in on the wi-fi and can print on it from any computer on the network now.) Short version of the steps I took to fix the malware: Found infection, updated anti malware software, ran and purged. Found secondary infection, due to constant shutdown, I had to jimmy a fix. I found the infected file (system32/services.exe) and copied the one from my computer onto her computer. (We're both running win 7.) That stopped the constant shutdowns so I ran antivirus software and got rid of the infected services.exe file. I'm hoping yall can help me figure out how to fix the network issue. Thanks!
  8. Whoa, finally recreated the windows firewall error thing: http://lukes.pbworks.com/w/file/fetch/54918241/win%20firewall%20incorrectly%20configured.PNG Unfortunately, that didn't work. I'll post on the PC Help forum. Can I just reference this thread or will I need to copypasta the relevant info?
  9. What about the strange changes to my network? I really don't care about the printer thing. I'm concerned that this computer can't rejoin the homegroup at all. Can't share files at all. That those things might be lingering effects of the malware.
  10. Ok. Replugged the Printer in just to give it a whirl. Here is the error message when trying to share it: http://lukes.pbworks.com/w/file/fetch/54648118/Sharing%20Not%20Savable.PNG I can't seem to recreate the error where it blaims it on Windows Firewall at this point, but like I said, printer is wi-fi and working over wi-fi so I'm not worried about that anymore.
  11. I'm not really concerned about the printer at this point. The Samsung CLX-3185 is a network printer, I just enabled the wi-fi and am printing that way. I'm more concerned with the idea that Windows Firewall might be compromised along with the inability to join the homegroup. This makes me paranoid the computer might still be infected. At minimum something setting's wise is corrupted.
  12. Okay, run both: ComboFix 12-06-16.02 - Shyla 06/18/2012 7:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8123.6642 [GMT -7:00] Running from: c:\users\Shyla\Downloads\Stuff from trying to fix compy\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\advanc~1\wh_exec.exe c:\users\Shyla\AppData\Roaming\orean.dll c:\users\Shyla\Documents\~WRL0751.tmp . . ((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 ))))))))))))))))))))))))))))))) . . 2012-06-18 14:15 . 2012-06-18 14:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-18 14:15 . 2012-06-18 14:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-18 14:07 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCB566C7-51C4-4032-94B9-E85B75D3C316}\mpengine.dll 2012-06-16 22:42 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-14 13:41 . 2012-06-14 13:42 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-06-14 13:41 . 2012-06-14 13:41 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-14 13:41 . 2012-06-14 13:41 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-13 13:10 . 2012-02-09 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-13 13:10 . 2012-02-09 20:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E08FBAE3-9553-4EC1-AB10-1231AAC2993D}\gapaengine.dll 2012-06-13 13:06 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 13:06 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 13:06 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 13:06 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 13:06 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 13:06 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 13:06 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 13:06 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-08 23:34 . 2011-04-19 10:37 36864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\spd__pc.dll 2012-06-08 23:33 . 2011-12-02 03:12 164432 ----a-w- c:\windows\system32\SUPDSvcA2.dll 2012-06-08 23:33 . 2011-12-02 03:12 437328 ----a-w- c:\windows\system32\UPDIO2.dll 2012-06-08 23:33 . 2011-04-11 05:26 34304 ----a-w- c:\windows\system32\spd__l.dll 2012-06-08 23:33 . 2011-12-02 03:12 165456 ----a-w- c:\windows\system32\SUPDSvc2.exe 2012-06-08 23:33 . 2010-10-20 08:46 89600 ----a-w- c:\windows\system32\spd__ci.dll 2012-06-08 23:33 . 2011-12-02 03:12 260688 ----a-w- c:\windows\SUPDRun.exe 2012-06-08 23:33 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe 2012-06-06 02:45 . 2012-06-06 02:45 -------- d-----w- c:\users\Shyla\AppData\Local\{A353CF3E-AF81-11E1-8270-B8AC6F996F26} 2012-06-06 02:45 . 2012-06-06 02:45 -------- d-----w- c:\users\Shyla\AppData\Local\{A3539DED-AF81-11E1-8270-B8AC6F996F26} 2012-06-02 22:14 . 2012-06-02 22:14 -------- d-----w- c:\program files\CCleaner 2012-06-02 19:07 . 2012-06-02 19:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-06-02 19:07 . 2012-06-02 19:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-02 18:23 . 2012-06-02 18:23 -------- d-----w- c:\users\Shyla\AppData\Roaming\Malwarebytes 2012-06-02 18:23 . 2012-06-02 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-02 18:23 . 2012-06-02 18:23 -------- d-----w- c:\programdata\Malwarebytes 2012-06-02 18:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-02 16:46 . 2012-06-02 18:19 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer 2012-06-02 16:15 . 2012-06-02 19:05 -------- d-----w- c:\program files (x86)\Common Files\Registry 2012-06-02 16:15 . 2012-06-02 17:05 -------- d-----w- c:\programdata\B7E8586B00018429000C18D2B4EB2367 2012-06-02 12:52 . 2012-06-02 13:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-12 02:01 . 2012-03-31 14:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-12 02:01 . 2011-07-04 05:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 09:05 . 2012-03-31 15:05 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-01 18:46 . 2012-04-01 18:09 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2012-03-30 11:35 . 2012-05-09 16:20 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-28 00:03 . 2012-04-01 21:07 4015592 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2012-03-21 22:55 . 2012-04-01 21:07 2886656 ----a-w- c:\windows\system32\RCoRes64.dat 2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-20 17:47 . 2012-04-01 21:07 3608680 ----a-w- c:\windows\system32\RtkAPO64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496] "CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144] . c:\users\Shyla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-8-19 2278240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 129976] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696] R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2000-01-01 2533400] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:01] . 2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585574457-1094471380-1151442140-1001Core.job - c:\users\Shyla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 01:09] . 2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3585574457-1094471380-1151442140-1001UA.job - c:\users\Shyla\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 01:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-28 12459112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.air1.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Shyla\AppData\Roaming\Mozilla\Firefox\Profiles\ogbkyqp4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDman000&ptb=24192582-3A92-4F71-9204-9C23E1E9694C&ind=2011110611&ptnrS=CDman000&si=&n=77df1cd3&psa=&st=kwd&searchfor= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-WheelMouse - c:\advanc~1\wh_exec.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3585574457-1094471380-1151442140-1001\Software\SecuROM\License information*] "datasecu"=hex:d5,15,1b,07,a6,1b,55,6a,82,0e,85,73,b3,d6,d2,c9,17,81,6b,55,63, a2,4d,1d,e4,ec,b5,68,85,07,99,e2,14,d2,82,a1,75,a1,17,03,dd,d6,21,eb,67,c2,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-06-18 07:25:12 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-18 14:25 . Pre-Run: 11,200,307,200 bytes free Post-Run: 11,053,633,536 bytes free . - - End Of File - - 446B605915AC8F9527268A3328B882A6 . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Shyla at 7:40:50 on 2012-06-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8123.6533 [GMT -7:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.air1.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" StartupFolder: C:\Users\Shyla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{54CFC942-C632-492F-9D12-C842779661E6} : DhcpNameServer = 192.168.0.1 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun mRun-x64: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Shyla\AppData\Roaming\Mozilla\Firefox\Profiles\ogbkyqp4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDman000&ptb=24192582-3A92-4F71-9204-9C23E1E9694C&ind=2011110611&ptnrS=CDman000&si=&n=77df1cd3&psa=&st=kwd&searchfor= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Shyla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Users\Shyla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-1 2348352] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-9-20 11576] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-1 2533400] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys --> C:\Windows\system32\DRIVERS\whfltr2k.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257224] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-14 129976] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 Samsung UPD Service2;Samsung UPD Service2;"C:\Windows\System32\SUPDSvc2.exe" --> C:\Windows\System32\SUPDSvc2.exe [?] S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-18 14:09:43 98816 ----a-w- C:\Windows\sed.exe 2012-06-18 14:09:43 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-18 14:09:43 256000 ----a-w- C:\Windows\PEV.exe 2012-06-18 14:09:43 208896 ----a-w- C:\Windows\MBR.exe 2012-06-18 14:07:40 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FCB566C7-51C4-4032-94B9-E85B75D3C316}\mpengine.dll 2012-06-16 22:42:19 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-14 13:41:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-14 13:41:33 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-14 13:41:33 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-13 13:10:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-13 13:10:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E08FBAE3-9553-4EC1-AB10-1231AAC2993D}\gapaengine.dll 2012-06-13 13:06:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 13:06:19 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 13:06:19 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 13:06:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 13:06:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 13:06:11 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 13:06:10 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 13:06:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-08 23:34:01 36864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll 2012-06-08 23:33:24 437328 ----a-w- C:\Windows\System32\UPDIO2.dll 2012-06-08 23:33:24 164432 ----a-w- C:\Windows\System32\SUPDSvcA2.dll 2012-06-08 23:33:23 34304 ----a-w- C:\Windows\System32\spd__l.dll 2012-06-08 23:33:22 89600 ----a-w- C:\Windows\System32\spd__ci.dll 2012-06-08 23:33:22 165456 ----a-w- C:\Windows\System32\SUPDSvc2.exe 2012-06-08 23:33:21 260688 ----a-w- C:\Windows\SUPDRun.exe 2012-06-08 23:33:21 151552 ----a-w- C:\Windows\System32\spd__ci.exe 2012-06-06 02:45:13 -------- d-----w- C:\Users\Shyla\AppData\Local\{A353CF3E-AF81-11E1-8270-B8AC6F996F26} 2012-06-06 02:45:13 -------- d-----w- C:\Users\Shyla\AppData\Local\{A3539DED-AF81-11E1-8270-B8AC6F996F26} 2012-06-02 22:14:14 -------- d-----w- C:\Program Files\CCleaner 2012-06-02 19:07:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-02 19:07:09 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-02 18:23:34 -------- d-----w- C:\Users\Shyla\AppData\Roaming\Malwarebytes 2012-06-02 18:23:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-02 18:23:30 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-02 18:23:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-02 16:46:04 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer 2012-06-02 16:15:04 -------- d-----w- C:\ProgramData\B7E8586B00018429000C18D2B4EB2367 2012-06-02 16:15:04 -------- d-----w- C:\Program Files (x86)\Common Files\Registry 2012-06-02 12:52:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 . ==================== Find3M ==================== . 2012-06-12 02:01:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-12 02:01:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-05 09:05:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-01 18:46:18 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-28 00:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2012-03-21 22:55:16 2886656 ----a-w- C:\Windows\System32\RCoRes64.dat 2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-03-20 17:47:20 3608680 ----a-w- C:\Windows\System32\RtkAPO64.dll . ============= FINISH: 7:41:07.27 ===============
  13. Sorry about the delay left on a scout camping trip. No, not that i can't add a printer to Windows Firewall, but according to one of the links I posted, the error I was getting when trying to share the printer was that I couldn't save the settings to share it because something was wrong with Windows Firewall. When I ran the trouble shooter for sharing the printer it said that Windows Firewall was misconfigured. Will run Combofix shortly. (Booting her computer now.)
  14. Current state: Windows Firewall says it's running but cannot add printers and when I run the troubleshooter for joining a homegroup (windows claims there is no homegroup on the network) it tells me windows firewall is missconfigured but it can't fix it. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.14.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Shyla :: SHYLA777 [administrator] 6/14/2012 6:40:44 AM mbam-log-2012-06-14 (06-40-44).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230424 Time elapsed: 7 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS.txt ====================================== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Shyla at 6:45:24 on 2012-06-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8123.6335 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Advanced Wheel Mouse\wh_exec.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\Samsung\PanelMgr\caller64.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.air1.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun: [WheelMouse] C:\ADVANC~1\wh_exec.exe mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" StartupFolder: C:\Users\Shyla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{54CFC942-C632-492F-9D12-C842779661E6} : DhcpNameServer = 192.168.0.1 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [WheelMouse] C:\ADVANC~1\wh_exec.exe mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun mRun-x64: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Shyla\AppData\Roaming\Mozilla\Firefox\Profiles\ogbkyqp4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDman000&ptb=24192582-3A92-4F71-9204-9C23E1E9694C&ind=2011110611&ptnrS=CDman000&si=&n=77df1cd3&psa=&st=kwd&searchfor= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Shyla\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Users\Shyla\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-1 2348352] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-9-20 11576] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-1 2533400] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys --> C:\Windows\system32\DRIVERS\whfltr2k.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257224] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-14 129976] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 Samsung UPD Service2;Samsung UPD Service2;"C:\Windows\System32\SUPDSvc2.exe" --> C:\Windows\System32\SUPDSvc2.exe [?] S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-14 13:41:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-06-14 13:41:33 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-06-14 13:41:33 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-06-14 13:34:53 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4BF44F4-8AFF-4C99-A4EF-FD3DBA1830D1}\offreg.dll 2012-06-13 13:10:55 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-13 13:10:55 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E08FBAE3-9553-4EC1-AB10-1231AAC2993D}\gapaengine.dll 2012-06-13 13:10:45 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4BF44F4-8AFF-4C99-A4EF-FD3DBA1830D1}\mpengine.dll 2012-06-13 13:06:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 13:06:19 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 13:06:19 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 13:06:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 13:06:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 13:06:11 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 13:06:10 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 13:06:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-11 15:37:26 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-08 23:34:01 36864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\spd__pc.dll 2012-06-08 23:33:24 437328 ----a-w- C:\Windows\System32\UPDIO2.dll 2012-06-08 23:33:24 164432 ----a-w- C:\Windows\System32\SUPDSvcA2.dll 2012-06-08 23:33:23 34304 ----a-w- C:\Windows\System32\spd__l.dll 2012-06-08 23:33:22 89600 ----a-w- C:\Windows\System32\spd__ci.dll 2012-06-08 23:33:22 165456 ----a-w- C:\Windows\System32\SUPDSvc2.exe 2012-06-08 23:33:21 260688 ----a-w- C:\Windows\SUPDRun.exe 2012-06-08 23:33:21 151552 ----a-w- C:\Windows\System32\spd__ci.exe 2012-06-06 02:45:13 -------- d-----w- C:\Users\Shyla\AppData\Local\{A353CF3E-AF81-11E1-8270-B8AC6F996F26} 2012-06-06 02:45:13 -------- d-----w- C:\Users\Shyla\AppData\Local\{A3539DED-AF81-11E1-8270-B8AC6F996F26} 2012-06-06 02:45:11 271360 ----a-w- C:\Users\Shyla\AppData\Roaming\orean.dll 2012-06-02 22:14:14 -------- d-----w- C:\Program Files\CCleaner 2012-06-02 19:07:11 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-02 19:07:09 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-02 18:23:34 -------- d-----w- C:\Users\Shyla\AppData\Roaming\Malwarebytes 2012-06-02 18:23:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-02 18:23:30 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-02 18:23:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-02 16:46:04 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer 2012-06-02 16:15:04 -------- d-----w- C:\ProgramData\B7E8586B00018429000C18D2B4EB2367 2012-06-02 16:15:04 -------- d-----w- C:\Program Files (x86)\Common Files\Registry 2012-06-02 12:52:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-05-16 20:44:39 -------- d-----w- C:\Program Files (x86)\Diablo III . ==================== Find3M ==================== . 2012-06-12 02:01:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-12 02:01:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-05 09:05:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-01 18:46:18 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-28 00:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2012-03-21 22:55:16 2886656 ----a-w- C:\Windows\System32\RCoRes64.dat 2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-03-20 17:47:20 3608680 ----a-w- C:\Windows\System32\RtkAPO64.dll 2012-03-20 02:01:20 102504 ----a-w- C:\Windows\System32\RCoInstII64.dll 2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-03-16 23:25:58 2670696 ----a-w- C:\Windows\System32\RtPgEx64.dll . ============= FINISH: 6:47:05.08 ===============