1jollymon

  1. Thanks, I've deleted all but not sure on the DDS manually? I really appreciate your work.
  2. Hi Maniac, I want to thank you for all your expertise and help. In your opinion, what is the best antivirus protection one should be running on their machine? I currently am using Shield Deluxe. Lastly, what is the best way to get rid of duplicate files? Again, thank you very much! Chris
  3. Everything looks great! Log is too long to post . . . Automatic Scan: completed 30 minutes ago (events: 6105, objects: 6076, time: 00:06:38) 4/21/2012 3:03:03 PM Task started 4/21/2012 3:03:03 PM 4/21/2012 3:09:41 PM Task completed
  4. The above was all that was in the log file? Unless I did something wrong . . .
  5. Hey Maniac. This is all that was in the log? ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK Chris
  7. Yes, that's all . . . I must have gotten all of the infections on my very first round. The system is working much faster now; however, I was reading another post about false positives and the use of TDSSkiller (attached log) and had some skipped files that I was not sure of, and I needed to know if I should delete them or ignore them. I just don't know that these pay services are really worth it; not knowing them and having them in my computer remotely is a bit scary. They keep pointing to my system logs with errors and say that these are viruses and they must be repaired. I have only lost one computer due to infection and that was enough for me to stay on top of security and cleaning. The only other issue I have with this desktop is that it randomly freezes the keyboard and mouse. The error is something about lost memory? I thank you for your set of eyes on this as I certainly don't want to delete the wrong files. So this computer is the first to be cleaned; I have a laptop that I will be cleaning out as well that I'm pretty sure is clean now as well. It is running a bit slow but I'll address this another day. Ok, Maniac, I really appreciate your time spent on this. If you feel that there are other steps needed, please let me know. Regards, Chris
  8. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT. DDS (Ver_2011-08-26.01)
----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 16:23:25.15 ===============
  9. Ok . . .
  10. Hi Maniac, Thank you for looking into this. I must first start to explain that I am in the interest of keeping my system clean and that I have had a couple of those pay companies work on my system throughout the years and I want to be able to do this on my own. I'm pretty good at this computer stuff, but I'm no expert. It seems as though all of the software to clean one's system leads to a call for explanation of it. One usually gets an explanation that their system is infected, even after you pay them and their work is done. I clean once a month on schedule. I see that they use the Malwarebytes software and CClean too. Heck, I can do that! After looking at this forum it is clear that there are some areas that I need to come up to speed with. I think I've rid my system of most all of the bugs; however, I'm not totally sure. Following your instructions, here is the scan I have completed today.
  11. I need advice on cleaning my system. I have used the Malwarebytes software to clean as much as possible. I heard of using HijackThis, and before I go further I looked at a post and answer from LDTate with regards to another program called TDSSKiller and found not many hits. My question is, how does one know what to remove from the list of objects?

          15:43:27.0882 5584 \Device\Harddisk0\DR0\Partition1 - ok
          15:43:27.0898 5584 ============================================================
          15:43:27.0898 5584 Scan finished
          15:43:27.0898 5584 ============================================================
          15:43:27.0913 1512 Detected object count: 14
          15:43:27.0913 1512 Actual detected object count: 14
          15:45:39.0174 1512 BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0174 1512 BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0174 1512 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0174 1512 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0189 1512 iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0189 1512 iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0189 1512 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0189 1512 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0189 1512 McciServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0189 1512 McciServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0189 1512 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0189 1512 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0189 1512 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0189 1512 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0205 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0205 1512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0205 1512 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0205 1512 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0205 1512 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0205 1512 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0205 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0205 1512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0221 1512 Profos ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0221 1512 Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0221 1512 scan ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0221 1512 scan ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:45:39.0221 1512 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
          15:45:39.0221 1512 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
          15:48:56.0411 6080 Deinitialize success

      Thanks, Chris

      Attach.txt DDS.txt
  12. Thank you for pointing this out, newbie mistakes . . .