Unfortunately, I downloaded whatever virus accompanies the USPS Delivery Status Notification Email. Malwarebytes pops up in the lower right corner saying that it has blocked about 11-12 websites, each ending in -search.com. Also, in Task Manager, I notice Internet Explorer randomly opens (if I do not close them, I've seen up to 3 open at a time - also, they only open when the computer's Ethernet cable is connected and it is online), even though no IE appears on the screen. I have changed passwords on what I believe to be an un-infected CPU. For the most part, I keep the infected computer's Ethernet cable disconnected, and I'm not connected to a wireless network. I also ran DDS, but only the attach report ever appeared on my desktop. I tried this twice and both times with the same results.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:13 PM, on 6/2/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\STK02N\STK02NM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bill\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...7&m=el1200-07w
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.as...7&m=el1200-07w
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.as...7&m=el1200-07w
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [TSTimer] "C:\Program Files\Timeslips\TSTimer.exe"
O4 - HKUS\S-1-5-21-3094592299-2951784969-2980317445-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3094592299-2951784969-2980317445-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ?
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\Windows\system32\TSSchBkpService.exe
--
End of file - 6888 bytes
NO DDS.TXT FILE WAS GENERATED
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2007 12:17:19 AM
System Uptime: 6/2/2014 12:19:31 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 15.514 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.357 GiB free.
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Multi-Card
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20060413092100000&0#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20060413092100000&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1626: 5/23/2014 6:11:17 PM - Scheduled Checkpoint
RP1627: 5/27/2014 9:14:36 AM - Windows Update
RP1629: 5/27/2014 12:50:30 PM - avast! antivirus system restore point
RP1631: 5/28/2014 11:00:38 AM - avast! antivirus system restore point
RP1633: 5/28/2014 11:09:08 AM - avast! antivirus system restore point
RP1634: 5/28/2014 11:26:56 AM - Removed Apple Application Support
RP1635: 5/28/2014 11:29:16 AM - Removed Apple Software Update
RP1636: 5/29/2014 1:51:56 PM - Removed Acrobat.com
RP1637: 5/29/2014 4:02:58 PM - Installed AVG 2014
RP1638: 5/29/2014 4:06:19 PM - Installed AVG 2014
RP1639: 5/30/2014 6:29:21 PM - Scheduled Checkpoint
RP1640: 6/2/2014 8:22:23 AM - Scheduled Checkpoint
RP1641: 6/2/2014 12:13:04 PM - Removed AVG 2014
RP1642: 6/2/2014 12:15:59 PM - Removed AVG 2014
RP1643: 6/2/2014 12:16:34 PM - Removed Visual Studio 2012 x86 Redistributables
RP1644: 6/2/2014 12:33:26 PM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-02 13:06:27
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000019 ST316081 rev.4.AA 149.05GB
Running: i3l9k0rz.exe; Driver: C:\Users\Bill\AppData\Local\Temp\awtcyaob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] ntdll.dll!LdrLoadDll 77EF9378 5 Bytes JMP 6A001EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] kernel32.dll!HeapSetInformation + 26 77A0A9B8 2 Bytes JMP 60B83A32 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] kernel32.dll!HeapSetInformation + 29 77A0A9BB 4 Bytes JMP 02F6A3AB
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] kernel32.dll!LockResource + C 77A26BD3 7 Bytes JMP 615084D6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] kernel32.dll!VirtualAllocEx + 54 77A2B030 7 Bytes JMP 615084F9 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[168] GDI32.dll!SetStretchBltMode + 256 776B745C 7 Bytes JMP 61508457 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1404] kernel32.dll!SetUnhandledExceptionFilter 77A0A9BD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegCloseKey] [77897908] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegCreateKeyW] [7788391E] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegGetValueW] [77883EF9] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegOpenKeyExW] [77897BA1] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegCreateKeyExW] [778841F1] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegSetValueExW] [77883D5A] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegQueryValueExW] [7789765E] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!GetLengthSid] [7788E2FA] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!GetTokenInformation] [77898069] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!OpenProcessToken] [77897DDC] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!GetUserNameW] [778731D8] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegDeleteValueW] [77873FB6] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegEnumKeyExW] [77897F52] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegQueryInfoKeyW] [778848B4] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegOpenKeyW] [7788E2B5] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegEnumKeyW] [778980C3] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!RegEnumValueW] [77879850] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!CloseServiceHandle] [778782A5] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!OpenServiceW] [77878354] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!OpenSCManagerW] [77877137] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!QueryServiceStatus] [7787842C] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!CheckTokenMembership] [778858A1] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW] [77874611] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!OpenThreadToken] [7789779D] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!ConvertSidToStringSidW] [77879017] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!StartServiceW] [77873E0B] C:\Windows\system32\ADVAPI32.dll
IAT C:\Windows\Explorer.exe[1440] @ C:\Windows\Explorer.exe [ADVAPI32.dll!CreateWellKnownSid] [7788D263] C:\Windows\system32\ADVAPI32.dll
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
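The HijackThis log above is the kind of thing a helper reads line by line, so here is an added example of doing that mechanically. This is my own code, not part of the post and not from HijackThis, Malwarebytes or GMER. It parses the O4 Run, O15 Trusted Zone and O23 Service lines of the HijackThis 2.x format and attaches review prompts: an autorun that is a bare file name resolved through the search path, a binary under a user-writable directory, an IE Trusted Zone entry, and a service for which HijackThis printed "Unknown owner" (it could not read a company name from the file). The flags are prompts for manual verification, not verdicts; nothing here says any entry in the posted log is malicious. The sample lines are copied from the log above except the "updater" autorun, which is a constructed entry added so the user-writable check has something to fire on. The function names (parse_line, triage_log, flagged) and the USER_WRITABLE list are my assumptions.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis v2.0.4 format. All lines are copied from
# the log above except the "updater" entry, which is invented to exercise the
# user-writable-path check. The R0 line shows that unhandled sections are skipped.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [updater] "C:\Users\Bill\AppData\Local\Temp\updater.exe" /silent
O15 - Trusted Zone: *.netzero.com
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
"""

# Directory fragments a standard user can write to (assumption: good enough for triage).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\", "\\downloads\\")


@dataclass
class Entry:
    kind: str                 # HijackThis section tag: "O4", "O15" or "O23"
    name: str                 # autorun value name, zone pattern or service display name
    path: Optional[str]       # executable path when one could be extracted
    owner: Optional[str] = None   # O23 vendor column ("Unknown owner" if HJT found none)
    raw: str = ""
    flags: List[str] = field(default_factory=list)


_O4 = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<rest>.+)$")
_O15 = re.compile(r"^O15 - Trusted Zone: (?P<zone>.+)$")


def _exe_from_command(cmd: str) -> Optional[str]:
    """Return the executable from a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    return cmd.split(" ", 1)[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT line into an Entry; sections other than O4/O15/O23 give None."""
    line = line.rstrip("\r\n")
    m = _O4.match(line)
    if m:
        return Entry("O4", m["name"], _exe_from_command(m["cmd"]), raw=line)
    m = _O23.match(line)
    if m:
        parts = m["rest"].split(" - ")
        if len(parts) < 3:
            return Entry("O23", m["rest"], None, raw=line)
        # Assumption: neither the display name nor the vendor contains " - ",
        # so everything after the second separator is the image path.
        return Entry("O23", parts[0], " - ".join(parts[2:]), owner=parts[1], raw=line)
    m = _O15.match(line)
    if m:
        return Entry("O15", m["zone"], None, raw=line)
    return None


def triage(entry: Entry) -> Entry:
    """Attach review prompts. These are reasons to look closer, not verdicts."""
    p = (entry.path or "").lower()
    if entry.kind == "O15":
        entry.flags.append("IE Trusted Zone: reduced browser security for this domain; confirm it was added on purpose")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.flags.append("service binary carries no readable vendor info; check signature and hash by hand")
    if entry.kind == "O4" and entry.path and "\\" not in entry.path:
        entry.flags.append("autorun is a bare file name, resolved through the search path rather than a fixed location")
    if any(tok in p for tok in USER_WRITABLE):
        entry.flags.append("binary lives in a user-writable directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and triage every supported line of a log."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def flagged(text: str) -> List[Entry]:
    """Only the entries that picked up at least one prompt."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r} -> {e.path}")
        for f in e.flags:
            print("   -", f)
```

Run against the posted log in full, the same rules would also stop at the two netzero Trusted Zone entries and the four services HijackThis lists with "Unknown owner"; the next step for each is to check the file's digital signature and hash, not to delete it.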