# Please HELP!! Virus keeps sending emails to Outlook Contacts



## MKANET (Mar 21, 2012)

I depirately need help! I have a HUGE Windows Outlook 2010 email contact list; and, hundreds of people are complaining about my computer sending emails such as:

"how are things going this method is almost guaranteed to work even my mom is doing it and she just got a computer a few months ago http://www.cnbc22.com/ get back to me"

Please find all the information necessary to identify the virus included in this forum post. I am posting ALL INFORMATION requested by this forum except for GMER since it have a 64bit OS.

--- Hijackthis.log ---
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:47 AM, on 4/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SUA\usr\sbin\init
C:\Windows\SUA\usr\sbin\inetd
C:\Windows\SUA\usr\sbin\cron
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Promixis\Girder\girder.exe
C:\Program Files (x86)\Posibolt Software\Clock-on-Tray\ClockOnTray.exe
C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\dvbdream\dvbdream.exe
C:\Program Files (x86)\dvbdream-2\dvbdream-2.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Sick Beard\SickBeard.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files (x86)\R5000HD\r5000monitor.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\SageTV\SageTV\SageTV.exe
C:\Program Files (x86)\SageTV\SageTV\SageTV.exe
C:\Users\Michael\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NetDrive] "C:\Program Files\NetDrive\netdrive.exe" -tray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Nextcom R5000-HD DVR] "C:\Program Files (x86)\R5000HD\r5000monitor.exe"-d -s
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Girder4] C:\Program Files (x86)\Promixis\Girder\girder.exe
O4 - HKCU\..\Run: [Clock-on-Tray] C:\Program Files (x86)\Posibolt Software\Clock-on-Tray\Clock-on-Tray.lnk
O4 - HKCU\..\Run: [Hot Keyboard] C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O4 - Startup: Cam-1-Notify.lnk = C:\Program Files (x86)\watchDirectory\wdRun.exe
O4 - Startup: CrystalDiskInfo.lnk = C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
O4 - Startup: front-door-email.lnk = C:\Program Files (x86)\watchDirectory\wdRun.exe
O4 - Startup: Microsoft Outlook 2010.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Startup: ZMover.lnk = C:\Program Files\Basta Computing\ZMover\ZMover.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files (x86)\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Media Server Tray Tool.lnk = C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
O4 - Global Startup: Sick Beard.lnk = C:\Program Files (x86)\Sick Beard\SickBeard.exe
O4 - Global Startup: Start.lnk = C:\Program Files (x86)\SageTV\SageTV\Start.cmd
O8 - Extra context menu item: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://www.mka.net:8070/SysCamInst.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: prio32.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDHomeRun Service - Silicondust USA Inc - C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetDrive Service (ndsvc) - Bdrive Inc. - C:\Program Files\NetDrive\ndsvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: R5000-HD (managed by AlwaysUpService) - Core Technologies Consulting, LLC - C:\Program Files (x86)\AlwaysUp\AlwaysUpService.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files (x86)\RemotelyAnywhere\x64\RaMaint.exe
O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files (x86)\RemotelyAnywhere\x64\RemotelyAnywhere.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: SageTV - SageTV, LLC - C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: watchDirectoryownloads-Cleanup - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:SageTV-Autoscan - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:SageTV-Autoscan2 - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:SageTV-Autoscan3 - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:SageTV-Autoscan4 - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:SageTV-Autoscan5 - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: watchDirectory:Temp-Dir-Cleanup - GdP Software - C:\Program Files (x86)\watchDirectory\wdRun.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: wdPostMan - GdP Software - C:\Program Files (x86)\watchDirectory\wdPostMan.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: WinSSHD - Bitvise - C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18133 bytes
--- Hijackthis.log ---

--- DDS.txt ---
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Michael at 8:40:25 on 2012-04-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.4260 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SUA\usr\sbin\init
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SUA\usr\sbin\inetd
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\NetDrive\ndsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Prio\prio_svc.exe
C:\Windows\SUA\usr\sbin\cron
C:\Program Files (x86)\RemotelyAnywhere\x64\RaMaint.exe
C:\Program Files (x86)\RemotelyAnywhere\x64\RemotelyAnywhere.exe
C:\Program Files (x86)\RemotelyAnywhere\x64\LMIGuardian.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\watchDirectory\wdPostMan.exe
C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\RemotelyAnywhere\x64\RAGui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Promixis\Girder\girder.exe
C:\Program Files (x86)\Posibolt Software\Clock-on-Tray\ClockOnTray.exe
C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\RemotelyAnywhere\x64\LMIGuardian.exe
C:\Program Files (x86)\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
C:\Program Files (x86)\watchDirectory\wdRun.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\Basta Computing\ZMover\ZMover.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Posibolt Software\Clock-on-Tray\x64\ClockProcess.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\R5000HD\R5000HDProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\R5000HD\R5000HDProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\R5000HD\R5000HDProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\R5000HD\R5000HDProxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\dvbdream\dvbdream.exe
C:\Program Files (x86)\dvbdream-2\dvbdream-2.exe
C:\Program Files\Newsbin\newsbinpro64.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Sick Beard\SickBeard.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\AlwaysUp\AlwaysUpService.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files (x86)\R5000HD\r5000monitor.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\R5000HD\r5000hd.exe
C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe
C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe
C:\Program Files (x86)\SageTV\SageTV\SageTV.exe
C:\Program Files (x86)\SageTV\SageTV\SageTV.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Program Files (x86)\Hot Keyboard Pro\HKHook64.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Girder4] C:\Program Files (x86)\Promixis\Girder\girder.exe
uRun: [Clock-on-Tray] C:\Program Files (x86)\Posibolt Software\Clock-on-Tray\Clock-on-Tray.lnk
uRun: [Hot Keyboard] C:\Program Files (x86)\Hot Keyboard Pro\HotKeyb.exe -minimized
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>] 
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [NetDrive] "C:\Program Files\NetDrive\netdrive.exe" -tray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Nextcom R5000-HD DVR] "C:\Program Files (x86)\R5000HD\r5000monitor.exe"-d -s
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CAM-1-~1.LNK - C:\Program Files (x86)\watchDirectory\wdRun.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CRYSTA~1.LNK - C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FRONT-~1.LNK - C:\Program Files (x86)\watchDirectory\wdRun.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZMover.lnk - C:\Program Files (x86)\Basta Computing\ZMover\ZMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EFAX44~1.LNK - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FIREFO~1.LNK - C:\Program Files (x86)\FirefoxPreloader\FirefoxPreloader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SICKBE~1.LNK - C:\Program Files (x86)\Sick Beard\SickBeard.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Start.lnk - C:\Program Files (x86)\SageTV\SageTV\Start.cmd
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Assign &hot key - C:\Program Files (x86)\Hot Keyboard Pro\IEScript.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} - hxxp://www.mka.net:8070/SysCamInst.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7B9B0D2A-3C29-42DF-AD4F-AD7055227D6B} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: WBSrv - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
AppInit_DLLs: prio32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)] 
mRun-x64: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [NetDrive] "C:\Program Files\NetDrive\netdrive.exe" -tray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Nextcom R5000-HD DVR] "C:\Program Files (x86)\R5000HD\r5000monitor.exe"-d -s
mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun-x64: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: prio32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sab30v61.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 161263770000000000000018bd5dc09d
FF - user.js: extensions.BabylonToolbar_i.hardId - 161263770000000000000018bd5dc09d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15363
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:41:51
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 ArcSec;ArcSec;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\rsdrvx64.sys --> C:\Windows\system32\drivers\rsdrvx64.sys [?]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-9-16 39528]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 DVBUSB_2104_Sevice;USB 2104 DVB-S2 Device;C:\Windows\system32\DRIVERS\usb_2104.sys --> C:\Windows\system32\DRIVERS\usb_2104.sys [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2011-8-4 15360]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-21 13592]
R2 ndsvc;NetDrive Service;C:\Program Files\NetDrive\ndsvc.exe [2011-8-31 2789888]
R2 prio_svc;Prio Service;C:\Program Files\Prio\prio_svc.exe [2011-10-7 11184]
R2 R5000-HD (managed by AlwaysUpService);R5000-HD (managed by AlwaysUpService);C:\Program Files (x86)\AlwaysUp\AlwaysUpService.exe [2011-9-21 669488]
R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files (x86)\RemotelyAnywhere\x64\rainfo.sys [2010-1-27 15928]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;\??\C:\Windows\system32\drivers\RARfsDriver.sys --> C:\Windows\system32\drivers\RARfsDriver.sys [?]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 SageTV;SageTV;C:\Program Files (x86)\SageTV\SageTV\SageTVService.exe [2011-6-15 1110016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
R2 watchDirectoryownloads-Cleanup;watchDirectoryownloads-Cleanup;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:SageTV-Autoscan;watchDirectory:SageTV-Autoscan;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:SageTV-Autoscan2;watchDirectory:SageTV-Autoscan2;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:SageTV-Autoscan3;watchDirectory:SageTV-Autoscan3;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:SageTV-Autoscan4;watchDirectory:SageTV-Autoscan4;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:SageTV-Autoscan5;watchDirectory:SageTV-Autoscan5;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 watchDirectory:Temp-Dir-Cleanup;watchDirectory:Temp-Dir-Cleanup;C:\Program Files (x86)\watchDirectory\wdRun.exe [2011-9-24 2547496]
R2 wdPostMan;wdPostMan;C:\Program Files (x86)\watchDirectory\wdPostman.exe [2011-9-24 237352]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]
R3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 ndfs;ndfs;C:\Program Files\NetDrive\NDFS.sys [2011-3-25 64792]
R3 NxtcmUSB;Nextcom Generic USB Driver;C:\Windows\system32\Drivers\NxtcmUSB.sys --> C:\Windows\system32\Drivers\NxtcmUSB.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PsxDrv;PsxDrv;C:\Windows\system32\drivers\psxdrv.sys --> C:\Windows\system32\drivers\psxdrv.sys [?]
R3 ramirr;ramirr;C:\Windows\system32\DRIVERS\ramirr.sys --> C:\Windows\system32\DRIVERS\ramirr.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S1 DVBNet;DVB Net ETAdapter Service;C:\Windows\system32\DRIVERS\DVBNet.sys --> C:\Windows\system32\DRIVERS\DVBNet.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-12 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-12-12 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-8-24 21880]
S4 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
.
=============== Created Last 30 ================
.
2012-04-30 14:31:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 07:43:13 -------- d-----w- C:\ApcTempReg
2012-04-29 07:13:24 587776 ----a-w- C:\Users\Michael\AppData\Local\7za.exe
2012-04-29 07:13:24 381816 ----a-w- C:\Users\Michael\AppData\Local\PsExec.exe
2012-04-29 07:13:24 35115 ----a-w- C:\Users\Michael\AppData\Local\~~.cmd
2012-04-29 07:13:24 34943 ----a-w- C:\Users\Michael\AppData\Local\~.cmd
2012-04-29 07:13:24 301967 ----a-w- C:\Users\Michael\AppData\Local\skeys.exe
2012-04-29 07:13:24 28160 ----a-w- C:\Users\Michael\AppData\Local\echo.exe
2012-04-29 07:13:24 11264 ----a-w- C:\Users\Michael\AppData\Local\mtee.exe
2012-04-26 14:36:46 -------- d-----w- C:\Users\Michael\AppData\Roaming\QuickScan
2012-04-23 01:17:12 1878528 ----a-w- C:\Users\Michael\AppData\Local\Ultralog.exe
2012-04-23 00:51:03 7722 ----a-w- C:\Users\Michael\AppData\Local\`.cmd
2012-04-21 00:01:59 -------- d-----w- C:\Program Files\UltraBac Software
2012-04-20 23:58:25 -------- d-----w- C:\Program Files\CrystalDiskMark
2012-04-20 23:41:14 -------- d-----w- C:\Program Files (x86)\CrystalDiskInfo
2012-04-15 21:54:15 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-15 21:21:21 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-11 10:04:24 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 10:04:22 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-11 10:04:21 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-11 10:00:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 10:00:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 10:00:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 10:00:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 10:00:13 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 10:00:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 10:00:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-08 17:30:05 -------- d-----w- C:\Program Files (x86)\Resource Kit
2012-04-07 23:34:08 -------- d-----w- C:\Windows\WICCodecs
2012-04-07 23:34:08 -------- d-----w- C:\ProgramData\FastPictureViewer
2012-04-07 23:34:07 -------- d-----w- C:\Program Files\FastPictureViewer
.
==================== Find3M ====================
.
2012-04-15 21:54:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-26 23:42:14 138360 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2012-03-26 23:42:14 138360 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 18:41:59 73216 ----a-w- C:\Windows\ODEUNST.EXE
2012-02-22 18:41:59 327680 ------w- C:\Windows\Setup1.exe
2012-02-22 18:41:59 198656 ------w- C:\Windows\SysWow64\comdlg32.ocx
2012-02-22 18:41:59 151622 ------w- C:\Windows\modcas.dll
2012-02-22 18:41:59 1388544 ------w- C:\Windows\msvbvm60.dll
2012-02-22 18:41:59 101888 ------w- C:\Windows\odestkit.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 8:41:05.54 ===============
--- DDS.txt ---


----------



## MKANET (Mar 21, 2012)

I realize that in big red letters it says for me to be patient. However, I am getting hassled by several phone calls and emails requesting me to stop sending emails. I unfortunately have no idea how to stop this; and, I can't turn off my PC either since it's my only PC 

I'm crossing my fingers someone will see my plea for help and help


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*​* Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.  *

Download ComboFix from *Here* or * Here*to your Desktop.
*As you download it rename it to username123.exe*

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall*_* before* _performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_
Click on *THIS LINK * to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *renamed combofix.exe* & follow the prompts.​If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" * for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read  HERE  why we disable autoruns

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. *

Please tell us if it has cured the problems or if there are any outstanding issues


----------



## MKANET (Mar 21, 2012)

I followed instructions perfectly. However, almost all the files it detected as viruses ARE legitimate files I compiled/created myself or downloaded from a safe source. The below files are all safe. I included an unaltered copy of ComboFix log; however, I am hoping, for my sake, ComboFix did a better job than I think it did 

Hopefully Between all the log files I posted something other than the files below is the cause to the actual virus I have. PLEASE let me know what the next step is...

*Safe Files:*
2012-04-29 07:13:24 . 2012-04-29 07:13:24 301,967 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\skeys.exe.vir
2012-04-29 07:13:24 . 2012-04-29 07:13:24 823 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\servers.txt.vir
2012-04-29 07:13:24 . 2012-04-29 07:13:24 381,816 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\PsExec.exe.vir
2012-04-29 07:13:24 . 2012-04-29 07:13:24 11,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\mtee.exe.vir
2012-04-29 07:13:24 . 2012-04-29 07:13:24 28,160 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\echo.exe.vir
2012-04-29 07:13:24 . 2012-04-29 07:13:24 587,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\7za.exe.vir
2012-04-23 01:17:12 . 2012-04-23 01:17:12 1,878,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Michael\AppData\Local\Ultralog.exe.vir


----------



## dvk01 (Dec 14, 2002)

we can restore those a bit later, if you are sure they are safe
the reason combofix deleted them was the location
executable files are not supposed to run from root of appdata/local that folder should have subfolders with files inside it and normally only malware puts files in the root folder

there are some suspicious files still listed so we need copies to check them

Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press *SAVE * and choose desktop in the list of selections in that window & press save)
*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished *
Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *

This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

or to 
http://www.bleepingcomputer.com/submit-malware.php?channel=38


----------



## MKANET (Mar 21, 2012)

What are the chances that there is no virus on my computer anymore; yet people that are in my Outlook contacts are still getting emails? Is that possible? I didn't change my email password until just now. I will still continue with the next step (as mentioned above) however, I would like to know the answer to my question in this post as well please.


----------



## MKANET (Mar 21, 2012)

It looks like the second time combofix ran, it didn't find anything except for the code my scripts. The first time combofix ran, it found the compiled code from my scripts. The the executables in the root of %LOCALAPPDATA% are part of my program; which get automatically deleted; however since this is a development machine, they stay there by design.
skeys.exe code (AutoIt compiled script):
If $CmdLine[0] = 0 Then Exit (1)
WinActivate($CmdLine[1])
If Not WinWaitActive($CmdLine[1], "", 3) Then Exit
Send("^{NUMPADADD}")
Exit

Ultralog.exe is my application which is contains ~.cmd, ~~.cmd, and `.cmd, mtree.exe (md5sum verified as authentic), PsExec.exe (md5sum verified as authentic)

R5000 related software is part of my HDTV tuner streaming software; which has been on my machine for years.

Remotely Anywhere is what I use to get my remote desktop. As far as i know there, are no known exploits for that.

Please let me know what you find out beside what I mentioned above.


----------



## dvk01 (Dec 14, 2002)

So far nothing is showing in the logs as malicious. 
I have no way of telling if there is stiil a virus on the computer of if there ever was 
do you know what these are
C:\Windows\SUA\usr\sbin\init
C:\Windows\SUA\usr\sbin\inetd
C:\Windows\SUA\usr\sbin\cron

are they part of your programs 

it is unusual to see linux folders on a windows computer

post the ComboFix-quarantined-files.txt from inside C:\qoobox so we can set up to restore the wrongly deleted files from earlier


----------



## MKANET (Mar 21, 2012)

That gets installed by default with Microsoft's SUA install (UNIX subsystem). See attached for the quarantined files.

My friends said that they received emails from my email account this morning (after I had run the first part of Combofix). I changed my email password using a different PC just a little while ago. I haven't done anything else except for run the second part of ComboFix.

Im very curious to know where those emails were physically sent from (if its my machine or stored somewhere remotely). I guess, it's preferable for the virus to be gone off my machine; where it's has a copy of my old password. If it's on my machine, I'm not sure how it's able to avoid every single thing I throw at it.


----------



## dvk01 (Dec 14, 2002)

I don't think that there is a virus on your machine and the likely possibilty is that one of your remote access programs has been compromised or the server you are running is compromised allowing an attacker total access to your machine

are the file combofix deleted on the second run in the z:\temp folder part of your programming as well 
if so we will restore those as well. In fact I think we should restore everythjng combofix has deleted 
Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press *SAVE * and choose desktop in the list of selections in that window & press save)

*Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished *

Close any open browsers 
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again and restore the file that was placed in quarantine Post the contents of the combofix-dequarantine.txt in your next reply .

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum *


----------



## MKANET (Mar 21, 2012)

Hi, actually I seriously doubt its at all related to remotely anywhere or ssh2; both of which have no known vulnerabilities yet. Plus, these emails didn't start happening with 12 hours after I started testing different command-line key remapping tools; all of which I deleted. However, I thought they may have implanted a seed on my machine which I can't find. Any other suggestions on causes?


----------



## dvk01 (Dec 14, 2002)

I have no further ideas with this one


----------

