# HELP. must have malware



## bmsbms29

BUT I can't open anything from here.

"DDS: 
====
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool. 
When done, DDS will open two (2) logs"

Computer keeps popping up a screen asking what file I want to open it with.
That is whether I try to open or after I save as..

Also tried to open aswMBR.exe (saw in another thread) - same problem.

I have Windows 7 64-bit - and have been using Microsoft virus/firewall for almost a year.


----------



## bmsbms29

I cannot open ANY files and let them run. Screen keeps asking me what / how it is supposed to open them. - and I do not know how or what type of file to use to open them.
-
Even the Windows Defender - I have been unable to open and install. - Supposedly that is what I need to remove the Trojan file.


----------



## bmsbms29

FORGET THE ABOVE. finally got files to work.
____________________
I have a Trojan and cannot remove it. Also do I have malware??? 
1- Was kicked out of internet over a week ago. Took it to be repaired - cause I could not have any problems and Suddenlink Cable showed internet was fine. My sister could use cable to log onto internet but my laptop would not.
- Supposedly they upgraded my drives and I was able to go online. So I backed up everything again, etc. Cleaned my computer of old files, etc.
- I then ran a Full Scan and found about 10 xxxjavaxxx viruses and 1 TrojanOS/Alureon.A
- The viruses were cleared but not the Trojan. My Microsoft Virus said I needed to install Defender but I have not been able to install it.
- So I finally was able to install your DDS file and got the following:
.**************************************
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by Betty at 15:59:56 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2044 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe
C:\Windows\system32\lxebcoms.exe
C:\Windows\system32\lxedcoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\The Weather Channel FW\Screensaver\TWCScreensaverUpdater.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = 
uSearch Bar = 
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361109b225l0364z155t47m2a218
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361109b225l0364z155t47m2a218
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
mURLSearchHooks: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files (x86)\TheFreeDictionarycom\tbThe1.dll
mURLSearchHooks: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
BHO: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Shop to Win 4: {91917dc6-93b9-4e62-b2d6-d39c9618c418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files (x86)\TheFreeDictionarycom\tbThe1.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files (x86)\TheFreeDictionarycom\tbThe1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {30AA252E-B1DF-4AA2-9C5E-194C67A7C623} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: drugstore.com\www
Trusted Zone: gradespeed.net\osceola
Trusted Zone: iwon.com\www
Trusted Zone: kcm.org\www
Trusted Zone: lakeside.com\www
Trusted Zone: mturk.com\www
Trusted Zone: mypoints.com\www
Trusted Zone: pch.com\search
Trusted Zone: scholastic.com\www
Trusted Zone: statefarm.com\online
Trusted Zone: statefarm.com\online2
Trusted Zone: statefarm.com\www
Trusted Zone: trivita.com\www
Trusted Zone: uamont.edu\uam-smail1.student
Trusted Zone: uamont.edu\weevilnet
Trusted Zone: uamont.edu\www
Trusted Zone: valuedopinions.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Film%20Fatale%20-%20Lights,%20Camera,%20Madness/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} - hxxps://www.opinionsquare.com/Config/packages/op/opsetup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.shockwave.com/content/bigcityadventuresf/sis/JBGamePlayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2E1D45B-9197-42A2-8734-70BD26A16E02} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2E1D45B-9197-42A2-8734-70BD26A16E02}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 208.85.133.10 208.85.133.11
TCP: Interfaces\{F2E1D45B-9197-42A2-8734-70BD26A16E02}\344535F65747861427B6 : DhcpNameServer = 172.16.10.2 172.16.10.7 192.168.1.1
TCP: Interfaces\{F2E1D45B-9197-42A2-8734-70BD26A16E02}\3596C667562735861627B6D27657563747 : DhcpNameServer = 192.168.33.1 208.180.42.100 208.180.42.68
TCP: Interfaces\{F2E1D45B-9197-42A2-8734-70BD26A16E02}\A434C455655523 : DhcpNameServer = 208.180.42.68 208.180.42.100
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll
AppInit_DLLs: 
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO-X64: Wincore Mediabar - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO-X64: Freecause Toolbar BHO: {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: InboxDollars BHO: {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
BHO-X64: Serif PhotoPlus - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Shop to Win 4: {91917DC6-93B9-4E62-B2D6-D39C9618C418} - C:\Program Files (x86)\Shop to Win 4\Shop to Win 4.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files (x86)\TheFreeDictionarycom\tbThe1.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: MyPoints Point Finder: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files (x86)\MyPoints Point Finder\Toolbar.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files (x86)\TheFreeDictionarycom\tbThe1.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB-X64: InboxDollars: {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: Serif PhotoPlus Toolbar: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll
TB-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {30AA252E-B1DF-4AA2-9C5E-194C67A7C623} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
AppInit_DLLs-X64: 
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpKslb48d301c;MpKslb48d301c;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B65948A4-A6CC-4348-93FC-75108E711C02}\MpKslb48d301c.sys [2012-8-20 35664]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-27 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2010-4-14 45736]
R2 lxed_device;lxed_device;C:\Windows\system32\lxedcoms.exe -service --> C:\Windows\system32\lxedcoms.exe -service [?]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-27 240160]
R2 WarrantyWare;WarrantyWare;C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe [2008-9-19 459408]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 136176]
S2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-4-18 204800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RoxMediaDBVHS;RoxMediaDBVHS;C:\Program Files (x86)\Common Files\Roxio Shared\VHStoDVD\SharedCOM\RoxMediaDBVHS.exe [2011-12-19 1114384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-20 20:38:13	69000	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B65948A4-A6CC-4348-93FC-75108E711C02}\offreg.dll
2012-08-20 20:35:50	35664	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B65948A4-A6CC-4348-93FC-75108E711C02}\MpKslb48d301c.sys
2012-08-20 00:54:42	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-08-20 00:54:41	366592	----a-w-	C:\Windows\System32\qdvd.dll
2012-08-20 00:42:44	9133488	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA0555C7-A1A8-43F9-B9FF-6F77BC772127}\mpengine.dll
2012-08-19 01:10:36	--------	d-sh--w-	C:\Windows\SysWow64\%APPDATA%
2012-08-19 01:07:12	20480	----a-w-	C:\Windows\svchost.exe
2012-08-19 01:01:18	122880	----a-w-	C:\ProgramData\Microsoft\Windows\DRM\97AA.tmp.dat
2012-08-18 21:07:37	--------	d-----w-	C:\Users\Betty\3-Government info
2012-08-17 23:05:18	--------	d-----w-	C:\Users\Betty\2-Housing-Shortage areas
2012-08-17 23:03:08	485576	----a-w-	C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-08-17 23:02:52	15256	----a-w-	C:\Users\Betty\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-08-17 18:54:12	0	----a-w-	C:\Windows\ativpsrm.bin
2012-08-17 16:49:39	503808	----a-w-	C:\Windows\System32\srcore.dll
2012-08-17 16:49:39	43008	----a-w-	C:\Windows\SysWow64\srclient.dll
2012-08-17 16:49:35	3148800	----a-w-	C:\Windows\System32\win32k.sys
2012-08-17 16:49:34	59392	----a-w-	C:\Windows\System32\browcli.dll
2012-08-17 16:49:34	136704	----a-w-	C:\Windows\System32\browser.dll
2012-08-17 16:49:32	41984	----a-w-	C:\Windows\SysWow64\browcli.dll
2012-08-17 16:49:30	751104	----a-w-	C:\Windows\System32\win32spl.dll
2012-08-17 16:49:29	67072	----a-w-	C:\Windows\splwow64.exe
2012-08-17 16:49:29	559104	----a-w-	C:\Windows\System32\spoolsv.exe
2012-08-17 16:49:29	492032	----a-w-	C:\Windows\SysWow64\win32spl.dll
2012-08-17 16:49:27	956928	----a-w-	C:\Windows\System32\localspl.dll
2012-08-16 18:34:53	--------	d-----w-	C:\Users\Betty\AppData\Local\Temp
2012-08-16 14:40:25	--------	d-----w-	C:\Windows\System32\Computer Troubleshooters
2012-08-16 14:25:35	--------	d-----w-	C:\Windows\SysWow64\Computer Troubleshooters
2012-08-16 13:30:43	--------	d-----w-	C:\Computer Troubleshooters
2012-08-13 16:50:09	--------	d-----w-	C:\ProgramData\Uninstall
2012-08-13 16:49:31	--------	d-----w-	C:\Program Files (x86)\Common Files\SureThing Shared
2012-08-13 16:45:33	56208	------w-	C:\Windows\System32\drivers\PxHlpa64.sys
2012-08-13 16:45:33	10224	------w-	C:\Windows\System32\drivers\cdralw2k.sys
2012-08-13 16:45:33	10224	------w-	C:\Windows\System32\drivers\cdr4_xp.sys
2012-08-13 16:36:51	--------	d-----w-	C:\Program Files (x86)\Common Files\Sonic Shared
2012-08-13 16:36:33	--------	d-----w-	C:\Program Files (x86)\Roxio Easy VHS to DVD 3
2012-08-13 02:58:37	9013136	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B65948A4-A6CC-4348-93FC-75108E711C02}\mpengine.dll
2012-08-11 19:16:13	--------	d-----w-	C:\Program Files (x86)\Bejeweled 2
2012-08-11 14:28:30	--------	d-----w-	C:\Users\Betty\AppData\Local\SlimWare Utilities Inc
2012-08-11 14:28:25	--------	d--h--w-	C:\ProgramData\Common Files
2012-08-11 14:22:14	--------	d-----w-	C:\ProgramData\PC Drivers HeadQuarters
2012-08-06 16:01:56	--------	d-----w-	C:\Program Files (x86)\Escape the Emerald Star
2012-08-06 14:53:23	--------	d-----w-	C:\Users\Betty\0-Government info
2012-08-05 14:01:33	--------	d-----w-	C:\Users\Betty\AppData\Roaming\SulusGames
2012-08-04 16:30:48	--------	d-----w-	C:\Users\Betty\1-Orders Waiting on
2012-08-01 23:22:51	--------	d-----w-	C:\Program Files (x86)\Mystery P.I. - Stolen in San Francisco
2012-08-01 01:54:18	--------	d-----w-	C:\Program Files (x86)\Haunted Halls - Green Hills Sanitarium Collector's Edition
2012-07-31 23:28:24	--------	d-----w-	C:\Program Files (x86)\NCH Software
2012-07-31 23:28:11	--------	d-----w-	C:\Users\Betty\AppData\Roaming\NCH Software
2012-07-31 13:01:12	--------	d-----w-	C:\Users\Betty\AppData\Roaming\AVS4YOU
2012-07-31 12:58:14	--------	d-----w-	C:\Program Files (x86)\Common Files\AVSMedia
2012-07-31 12:58:13	--------	d-----w-	C:\ProgramData\AVS4YOU
2012-07-31 12:58:13	--------	d-----w-	C:\Program Files (x86)\AVS4YOU
2012-07-30 19:23:14	--------	d-----w-	C:\Users\Betty\AppData\Roaming\FLEXnet
2012-07-30 19:12:09	--------	d-----w-	C:\Users\Betty\AppData\Local\Rovi_Corporation
2012-07-30 18:49:10	--------	d-----w-	C:\Users\Betty\AppData\Roaming\Roxio Log Files
2012-07-30 14:06:51	--------	d-----w-	C:\Users\Betty\AppData\Roaming\margrave3_full
2012-07-27 20:51:30	184248	----a-w-	C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-22 02:39:14	--------	d-----w-	C:\Program Files (x86)\Spirits of Mystery - Amber Maiden
2012-07-22 02:31:35	--------	d-----w-	C:\Program Files (x86)\Awakening - The Dreamless Castle
2012-07-22 02:28:44	--------	d-----w-	C:\Program Files (x86)\Awakening - Moonfell Wood
.
==================== Find3M ====================
.
2012-08-17 13:38:33	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 13:38:33	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-06-29 03:48:07	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-06-07 01:59:42	1070152	----a-w-	C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16	2004480	----a-w-	C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16	1881600	----a-w-	C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54	1133568	----a-w-	C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52	1390080	----a-w-	C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06	805376	----a-w-	C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10	458704	----a-w-	C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16	151920	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31	340992	----a-w-	C:\Windows\System32\schannel.dll
2012-06-02 05:44:21	307200	----a-w-	C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39	225280	----a-w-	C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10	219136	----a-w-	C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-05-29 16:52:17	111960	----a-w-	C:\Windows\dxsdkuninst.exe
.
============= FINISH: 16:03:15.35 ===============

*******I thought I was supposed to have a file or two to attach but cannot find anything. :banghead:


----------



## bmsbms29

I found the Attach file
--
Also MS Security shows the Trojan has been removed but it wants me to download W.Defender - but I've not been able to do that. And then it wants me to scan again.
--
Zipped it but could not attach - said was too large.
I'll try separating into 2 files and zipping each one.


----------



## bmsbms29

Other half of zipped attach file


----------



## bmsbms29

I did a quick scan - Trojan is still here.
-
I won't do anything else.


----------



## bmsbms29

Because I have gotten no help yet and because so many who requested help after I entered mine have rec'd help - I have tried to get Microsoft Security Essentials (MSE) to remove the Trojan - but did not work.

Finally got Windows Defender - did a full scan. Got back to desktop, MSE shows everything is ok - until I go online and popup screen says computer is infected and I need to scan - AGAIN.

I scan, it shows Trojan is Removed. I reboot, etc. All looks ok, UNTIL I go online - and it starts all over again.
- Still have the TROJAN..
--------
Can Anyone Please help me get rid of this Trojan??? :blush:


----------



## bmsbms29

THIS THREAD CAN BE DELETED. I thought this one began wrong and may be confusing. :banghead:

I began a new one called "TrojanOS\Alureon.A help please"


----------

