arnolfini

Everything posted by arnolfini

  1. Okay, here is the DDS log.
  2. Mr. Charlie, After doing those settings changes in chrome, I was able to clear out a bunch of offending things. Thank you for those suggestions. It seems to be running better now. Do the logs look clear? Thanks again.
  3. Mr. Charlie, I was able to uninstall those 6 items you listed. Also, I ran the 2 tools you suggested with the following resulting logs. Thank you kindly. Internet explorer behavior seems to be getting back to normal now, but chrome is still showing sweetpacks.
  4. Hi Mr. Charlie, Thank you for your assistance as always. Here is the report from RogueKiller:
  5. Hello, My father's computer has been acting strange in regards to internet explorer and chrome. Upon opening internet explorer, I am prompted that internet explorer has stopped working and my only choice is to close the program. Upon opening Chrome, strangely, the internet explorer start tabs (he has 6 favorite tabs that open) open. Chrome is not set to have any favorite sites open. Also, another tab opens; start.sweetpacks.com. I ran Malwarebytes anti malware and it did find something, which I did not remove: PUP.InstallBrain registry key. Any insights you have would be of great help. Thank you.
Service;C:\Windows\System32\AppleTimeSrv.exe [2012-11-27 94120]R2 DDService;Drobo Dashboard Service;C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [2013-5-10 1940816]R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-7-15 1645360]R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2012-11-27 17792]R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2012-11-27 22912]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-13 363800]R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-7-15 188760]R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2013-6-13 19456]R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2013-6-13 70744]R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2013-6-13 18432]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-13 331264]R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2013-6-13 18432]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-13 356632]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-13 789272]R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2013-6-13 25600]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AppleODD;Apple ODD;C:\Windows\System32\drivers\AppleODD.sys [2013-6-13 8704]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-14 19456]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-6-14 29696]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-14 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-14 30208]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-13 1255736].=============== Created Last 30 ================.2013-07-16 14:04:46 -------- d-----w- C:\Windows\System32\MRT2013-07-16 01:38:08 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8F3AD9-5BA3-430E-8198-73F92DFF5F82}\mpengine.dll2013-07-15 20:34:58 -------- d-----w- C:\Program Files\Updater By SweetPacks2013-07-15 20:34:48 -------- d-----w- C:\Program Files (x86)\SweetIM2013-07-15 20:34:33 -------- d-----w- C:\Windows\SysWow64\jmdp2013-07-15 20:34:30 -------- d-----w- C:\Windows\SysWow64\ARFC2013-07-15 20:34:29 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll2013-07-15 20:34:29 1645360 ----a-w- C:\Windows\System32\dmwu.exe2013-07-15 20:34:28 -------- d-----w- C:\Windows\SysWow64\WNLT2013-07-15 20:33:35 -------- d-----w- C:\Program Files (x86)\Plus-HD-1.62013-07-15 20:32:56 -------- d-----w- C:\Users\michael\AppData\Local\TopArcadeHits2013-07-15 20:32:56 -------- d-----w- C:\Program Files 
(x86)\LessTabs2013-07-15 20:32:47 -------- d-----w- C:\Program Files (x86)\OApps2013-07-14 18:53:57 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-07-10 14:59:51 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-07-10 14:59:51 624128 ----a-w- C:\Windows\System32\qedit.dll2013-07-10 14:59:51 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-07-10 14:59:51 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-07-10 14:59:51 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-07-10 14:59:51 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-07-10 14:59:51 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-07-10 14:59:51 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-07-10 14:59:51 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-07-10 14:59:50 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-10 14:59:50 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-10 14:59:15 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-07-10 14:58:42 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 14:58:42 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-07-10 14:58:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-07-10 14:58:42 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-07-10 14:58:42 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-07-10 14:58:33 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-10 14:58:33 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-06-25 01:42:35 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys2013-06-25 01:42:17 -------- d-----w- C:\Program Files\iTunes2013-06-25 01:42:17 -------- d-----w- C:\Program Files (x86)\iTunes2013-06-21 18:54:49 964552 ------w- C:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition Updates\{F827F045-C985-48BB-8EAB-B6A431AED210}\gapaengine.dll2013-06-18 15:43:21 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock2013-06-18 01:27:54 -------- d-----w- C:\Windows\PCHEALTH2013-06-18 01:25:11 -------- d-----w- C:\Users\michael\AppData\Local\Microsoft Help2013-06-18 01:22:34 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes2013-06-17 12:09:42 5086424 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe2013-06-17 12:09:42 4851904 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll2013-06-17 12:09:42 25405632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL2013-06-17 11:53:32 6807768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe2013-06-17 11:53:32 6584000 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll2013-06-17 11:53:22 3626688 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL2013-06-17 11:53:22 35405504 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL10013-06-13 09:47:47 -------- d-----w- C:\Windows\Panther10013-06-13 09:47:35 -------- d-sh--w- C:\Boot.==================== Find3M ====================.2013-06-15 17:39:54 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-15 17:39:54 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 
----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-19 10:54:27 97176 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-04-25 01:37:57 129944 ----a-w- C:\Windows\SysWow64\ElbyVCD.dll.============= FINISH: 10:07:20.49 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume7Install Date: 6/1/1980 1:52:18 AMSystem Uptime: 7/16/2013 9:48:17 AM (1 hours 
ago).Motherboard: Apple Inc. | | Mac-031AEE4D24BFF0B1Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U2E1 | 2501/25mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 56 GiB total, 35.23 GiB free.D: is FIXED (HFS) - 233 GiB total, 105.682 GiB free.E: is FIXED (HFS) - 55 GiB total, 18.855 GiB free.F: is FIXED (NTFS) - 233 GiB total, 114.072 GiB free.G: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP46: 7/14/2013 2:53:50 PM - Windows UpdateRP47: 7/14/2013 10:56:25 PM - Windows UpdateRP48: 7/16/2013 10:04:38 AM - Windows Update.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Reader XI (11.0.03)Apple Application SupportApple Mobile Device SupportApple Software UpdateBonjourBoot Camp ServicesDefinition Update for Microsoft Office 2013 (KB2760587) 64-Bit EditionDrobo DashboardGoogle ChromeGoogle Update HelperIntel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® USB 3.0 eXtensible Host Controller DriverInternet Explorer Toolbar 4.9 by SweetPacksiTunesLessTabsMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 32-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 32-bit MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI 
(English) 2013Microsoft Publisher MUI (English) 2013Microsoft Security ClientMicrosoft Security EssentialsMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Word MUI (English) 2013Outils de vérification linguistique 2013 de Microsoft Office - FrançaisPlus-HD-1.6QuickTimeSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft Lync 2013 (KB2817465) 64-Bit EditionSecurity Update for Microsoft Office 2013 (KB2817491) 64-Bit EditionSelectionLinksSimple AdblockSweetPacks Updater ServiceTopArcadeHitsUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft Access 2013 (KB2760350) 64-Bit EditionUpdate for Microsoft Excel 2013 (KB2760339) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752094) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 64-Bit EditionUpdate 
for Microsoft Office 2013 (KB2760224) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767851) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810010) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817320) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817482) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817489) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817492) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB2817467) 64-Bit EditionUpdate for Microsoft Outlook 2013 (KB2817468) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2810006) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2817469) 64-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2767863) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2810086) 64-Bit EditionUpdater By SweetPacks 2.0.0.586VirtualCloneDriveWindows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (05/09/2012 4.0.8.0)Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)Windows Driver Package - Apple Inc. Apple Keyboard (02/28/2012 4.1.0.0)Windows Driver Package - Apple Inc. Apple Multitouch (01/27/2012 4.0.2.0)Windows Driver Package - Apple Inc. Apple Multitouch Mouse (01/27/2012 4.0.2.0)Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)Windows Driver Package - Apple Inc. 
Apple System Device (03/02/2012 4.0.2.0)Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17)Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1)Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1)Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243)Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (11/09/2012 6.6001.1.38)Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)Windows Driver Package - Intel System (07/20/2007 1.2.76.0)Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (07/03/2012 1.3.18.0).==== Event Viewer Messages From Past Week ========.7/9/2013 9:02:13 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@010100047/11/2013 8:14:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.7/11/2013 10:18:37 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. 
The internal error state is 107.7/11/2013 10:18:37 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed..==== End Of File ===========================
  6. Hello, my father's computer has been acting strange in regards to Internet Explorer and Chrome. Upon opening Internet Explorer, I am prompted that Internet Explorer has stopped working and my only choice is to close the program. Upon opening Chrome, strangely, the Internet Explorer start tabs (he has 6 favorite tabs that open) open. Chrome is not set to have any favorite sites open. Also, another tab opens: start.sweetpacks.com. I ran Malwarebytes Anti-Malware and it did find something, which I did not remove: PUP.InstallBrain registry key. Any insights you have would be of great help. Thank you.

     DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635Run by michael at 10:07:12 on 2013-07-16Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.5382 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Windows\system32\AppleOSSMgr.exeC:\Windows\system32\AppleTimeSrv.exeC:\Program 
Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exeC:\Windows\system32\dmwu.exeC:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Boot Camp\Bootcamp.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\SysWOW64\jmdp\stij.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeF:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\system32\wuauclt.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\wuauclt.exeC:\Windows\SoftwareDistribution\Download\Install\MSEInstall.exef:\86dd10c0645814a9b74bf0b0a80d72\epplauncher.exef:\86dd10c0645814a9b74bf0b0a80d72\amd64\Setup.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp:/google.com/mWinlogon: Userinit = userinit.exeBHO: Plus-HD-1.6: {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dllBHO: SelectionLinks: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dllBHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dllBHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dllBHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\michael\AppData\Local\TopArcadeHits\Toparcadehits.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllBHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files 
(x86)\Common Files\Simple Adblock\SimpleAdblock.dllTB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllTB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dlluRun: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exemRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /smRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: EnableLUA = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: E&xport to Microsoft Excel - F:\Program Files\Office15\EXCEL.EXE/3000.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 74.5.116.246 205.244.194.36TCP: Interfaces\{6C597E49-36AA-468B-9845-0F7ABA0F6713} : DHCPNameServer = 74.5.116.246 205.244.194.36TCP: Interfaces\{715E5BE5-3EEB-4278-99F1-393E88159A34} : DHCPNameServer = 192.168.2.1TCP: Interfaces\{E93AB152-D10E-4871-9953-B6547FB6D62F} : DHCPNameServer = 74.5.116.246 205.244.194.36Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLSSODL: WebCheck - <orphaned>mASetup: 
  7. Feel free to close this thread as Mr. Charlie has helped resolve the issues. Thank you!
  8. There are still a bunch of toolbars in IE I would like to remove. Bing, Google, etc. Everything else seems to be running better. Also, is this normal in IE when typing "ebay" in the address bar? search?q=ebay&pc=conduit&ptag=A81D319E6C5F14C90AAF&form=CONBDF&conlogo=CT3210127&ShowAppsUI=1
  9. Thank you Mr. Charlie. I uninstalled PCHealthboost and ran RogueKiller. Here is the log:
  10. Okay, here is the log from adwcleaner. There are some annoying things popping up when I first start the machine about java auto update, PC healthboost, and backing up the computer. They don't look legitimate. Thanks again.
  11. Hi Mr. Charlie; nice to see you here again! I uninstalled the 4 toolbars and ran AdwCleaner and log is posted below. Nothing has to be kept. Thanks!
  12. Hello, I hope this is in the correct forum. I have a machine with browser redirects and other odd behavior. Search Protect/Conduit was discovered in the startup processes. Any help would be appreciated as always! Thank you for your time.
c:\windows\system32\msdrm.dll2010-02-27 11:50:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll2010-02-27 11:50:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll2010-02-18 22:51:23 499712 ----a-w- c:\windows\system32\kerberos.dll2010-02-09 21:43:50 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2010-02-09 21:43:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll2010-02-09 21:43:41 31744 ----a-w- c:\windows\system32\msvidc32.dll2010-02-09 21:43:41 22528 ----a-w- c:\windows\system32\msyuv.dll2010-02-09 21:43:41 13312 ----a-w- c:\windows\system32\msrle32.dll2010-02-09 21:43:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll2010-02-09 21:43:40 91136 ----a-w- c:\windows\system32\avifil32.dll2010-02-09 21:43:40 82944 ----a-w- c:\windows\system32\mciavi32.dll2010-02-09 21:43:40 123904 ----a-w- c:\windows\system32\msvfw32.dll2010-01-28 18:04:58 -------- d-----w- c:\programdata\McAfee Security Scan2010-01-28 18:04:50 -------- d-----w- c:\program files\McAfee Security Scan2010-01-28 18:04:43 -------- d-----w- c:\users\esther\appdata\local\Adobe2010-01-02 21:05:37 -------- d-----w- c:\windows\system32\N360_BACKUP2010-01-01 15:16:08 -------- d-----w- c:\users\esther\appdata\local\Symantec2009-12-21 11:21:56 -------- d-----w- c:\program files\Windows Portable Devices2009-12-21 11:06:08 92672 ----a-w- c:\windows\system32\UIAnimation.dll2009-12-21 11:06:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2009-12-21 11:06:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2009-12-21 11:05:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll2009-12-21 11:05:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll2009-12-21 11:05:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll2009-12-21 11:05:23 252928 ----a-w- c:\windows\system32\dxdiag.exe2009-12-21 11:05:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll2009-12-21 11:05:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll2009-12-21 11:05:22 519680 ----a-w- 
c:\windows\system32\d3d11.dll2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\vi-VN2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\eu-ES2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\ca-ES2009-12-15 14:37:52 -------- d-----w- c:\windows\system32\EventProviders2009-12-14 01:11:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll2009-12-14 01:11:04 3408896 ----a-w- c:\windows\system32\SLsvc.exe2009-12-14 01:11:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll2009-12-14 01:11:02 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe2009-12-14 01:11:02 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll2009-12-14 01:11:01 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll2009-12-14 01:11:00 1480704 ----a-w- c:\windows\system32\mssrch.dll2009-12-14 01:09:59 83456 ----a-w- c:\windows\system32\wlgpclnt.dll2009-12-10 11:05:47 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin2009-12-09 12:31:59 243712 ----a-w- c:\windows\system32\rastls.dll2009-12-07 11:13:13 -------- d-----w- C:\PerfLogs2009-12-04 02:26:37 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll2009-12-04 02:26:34 355832 ----a-w- c:\program files\internet explorer\pdm.dll2009-12-02 14:36:06 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll2009-12-02 14:34:59 90680 ----a-w- c:\program files\windows defender\MpOAV.dll2009-12-02 14:33:59 5261312 ----a-w- c:\program files\common files\microsoft shared\ink\mshwita.dll2009-12-02 14:32:59 8704 ----a-w- c:\windows\system32\msidle.dll2009-12-02 14:31:51 35328 ----a-w- c:\windows\system32\mspatcha.dll2009-12-02 14:31:51 305152 ----a-w- c:\windows\system32\msdelta.dll2009-12-02 14:31:51 258560 ----a-w- c:\windows\system32\dpx.dll2009-12-02 11:11:21 -------- d-----w- c:\programdata\Symantec2009-12-01 22:25:59 -------- d-----w- c:\programdata\Norton2009-12-01 22:21:54 -------- d-----w- c:\programdata\NortonInstaller2009-11-28 16:56:21 
61440 ----a-w- c:\windows\system32\winipsec.dll2009-11-28 16:56:21 272896 ----a-w- c:\windows\system32\polstore.dll2009-11-28 16:51:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE2009-11-28 16:51:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE2009-11-28 16:51:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE2009-11-28 16:51:24 19968 ----a-w- c:\windows\system32\ARP.EXE2009-11-28 16:51:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE2009-11-28 16:51:24 11264 ----a-w- c:\windows\system32\MRINFO.EXE2009-11-28 16:51:24 105984 ----a-w- c:\windows\system32\netiohlp.dll2009-11-28 16:51:24 10240 ----a-w- c:\windows\system32\finger.exe2009-11-28 16:47:45 68096 ----a-w- c:\windows\system32\wlanhlp.dll2009-11-28 16:47:45 65024 ----a-w- c:\windows\system32\wlanapi.dll2009-11-28 16:47:45 127488 ----a-w- c:\windows\system32\L2SecHC.dll2009-11-28 16:47:44 513536 ----a-w- c:\windows\system32\wlansvc.dll2009-11-28 16:47:44 302592 ----a-w- c:\windows\system32\wlansec.dll2009-11-28 16:47:44 293376 ----a-w- c:\windows\system32\wlanmsm.dll2009-11-28 16:47:42 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs2009-11-28 16:46:30 2048 ----a-w- c:\windows\system32\msxml6r.dll2009-11-28 16:46:30 2048 ----a-w- c:\windows\system32\msxml3r.dll2009-11-28 16:45:20 23552 ----a-w- c:\windows\system32\lpk.dll2009-11-28 16:45:20 10240 ----a-w- c:\windows\system32\dciman32.dll2009-11-28 16:44:12 218624 ----a-w- c:\windows\system32\msv1_0.dll2009-11-28 16:44:12 175104 ----a-w- c:\windows\system32\wdigest.dll2009-11-28 16:42:04 53248 ----a-w- c:\windows\system32\rrinstaller.exe2009-11-28 16:42:04 24576 ----a-w- c:\windows\system32\mfpmp.exe2009-11-28 16:42:04 2048 ----a-w- c:\windows\system32\mferror.dll2009-11-28 16:33:56 71680 ----a-w- c:\windows\system32\atl.dll2009-11-28 16:25:46 160256 ----a-w- c:\windows\system32\wkssvc.dll2009-11-28 16:24:49 53248 ----a-w- c:\windows\system32\tsgqec.dll2009-11-28 16:24:49 136192 ----a-w- c:\windows\system32\aaclient.dll2009-11-28 16:21:16 714240 
----a-w- c:\windows\system32\timedate.cpl2009-11-28 16:12:18 65024 ----a-w- c:\windows\system32\avicap32.dll2009-11-28 16:02:35 6656 ----a-w- c:\windows\system32\kbd106n.dll2009-11-28 15:53:41 37888 ----a-w- c:\windows\system32\printcom.dll2009-11-28 15:52:20 14848 ----a-w- c:\windows\system32\wshrm.dll2009-11-28 15:51:31 43520 ----a-w- c:\windows\system32\msdxm.tlb2009-11-28 15:51:31 313344 ----a-w- c:\windows\system32\wmpdxm.dll2009-11-28 15:51:31 18432 ----a-w- c:\windows\system32\amcompat.tlb2009-11-28 15:08:23 84480 ----a-w- c:\windows\system32\INETRES.dll2009-11-28 15:08:01 60928 ----a-w- c:\windows\system32\msasn1.dll2009-11-28 15:06:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll2009-11-28 15:05:29 355328 ----a-w- c:\windows\system32\WSDApi.dll2009-11-28 15:04:07 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL2009-11-28 15:02:55 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe2009-11-28 15:02:54 310784 ----a-w- c:\windows\system32\unregmp2.exe2009-11-28 15:02:48 7680 ----a-w- c:\windows\system32\spwmp.dll2009-11-28 15:02:48 4096 ----a-w- c:\windows\system32\dxmasf.dll2009-11-28 15:02:48 107520 ----a-w- c:\program files\windows media player\wmpshare.exe2009-11-28 15:02:47 4096 ----a-w- c:\windows\system32\msdxm.ocx2009-11-28 15:02:47 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe2009-11-28 14:13:57 -------- d-----w- c:\users\esther\appdata\local\Google2009-11-28 14:12:56 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll2009-11-28 14:12:44 238872 ------w- c:\windows\system32\MpSigStub.exe2009-11-27 21:21:54 -------- d-----w- c:\windows\system32\Lang2009-11-27 21:13:58 -------- d-----w- c:\windows\system32\RTCOM2009-11-27 21:10:31 -------- d-----w- c:\programdata\Citrix2009-11-27 21:10:03 -------- d-----w- c:\program files\Citrix2009-11-27 21:09:40 -------- d-----w- c:\users\esther\appdata\local\Citrix2009-11-27 21:09:39 61224 ----a-w- 
c:\users\esther\GoToAssistDownloadHelper.exe2009-11-27 21:08:58 -------- d-----w- c:\users\esther\appdata\local\Deployment2009-11-27 21:08:58 -------- d-----w- c:\users\esther\appdata\local\Apps2009-11-27 21:08:29 400152 ----a-w- c:\windows\system32\igxpun.exe2009-11-27 21:08:29 -------- d-----w- c:\windows\system32\x642009-11-27 21:08:28 319456 ----a-w- c:\windows\system32\difxapi.dll2009-11-27 20:59:15 39288 ----a-w- c:\windows\system32\NicInE6.dll2009-11-27 20:59:15 28536 ----a-w- c:\windows\system32\NicCo6.dll2009-11-27 20:59:15 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys2009-11-27 20:59:15 179048 ----a-w- c:\windows\system32\e1000msg.dll2009-11-27 20:59:15 154496 ----a-w- c:\windows\system32\Prounstl.exe2009-11-27 20:55:07 -------- d-----w- c:\windows\system32\vmm322009-11-27 20:55:07 -------- d-----w- c:\program files\Dell2009-11-27 20:54:36 -------- d-sh--w- c:\windows\Installer2009-11-27 17:44:29 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL2009-11-27 17:36:26 -------- d-----w- c:\windows\Panther2009-11-27 17:35:41 -------- d-----w- c:\windows\system32\OEM2009-11-27 17:19:13 -------- d-----w- C:\Windows.old2009-08-18 15:34:24 602528 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL2009-08-18 15:32:12 403840 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll2009-08-18 15:30:38 97176 ----a-w- c:\program files\common files\microsoft shared\windows live\LogicalDevice.dll2009-08-18 15:30:38 807832 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll2009-08-18 15:30:38 564632 ----a-w- c:\programdata\microsoft\identitycrl\production\wlidui.dll2009-08-18 15:30:38 233352 ----a-w- c:\program files\common files\microsoft shared\windows live\HWDeviceLogin.dll2009-08-18 15:29:22 344448 ----a-w- c:\program files\common files\microsoft shared\windows live\SIGNINOPTIONS.EXE2009-08-18 15:29:22 183152 ----a-w- c:\program files\common 
files\microsoft shared\windows live\WLIDSVCM.EXE2009-08-18 15:29:22 1529728 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE2009-08-18 15:24:10 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll2009-08-18 15:24:10 134144 ----a-w- c:\program files\common files\microsoft shared\windows live\SQMAPI.DLL2009-07-21 04:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll2009-04-23 15:19:52 256768 ----a-w- c:\windows\system32\unicows.dll2008-03-25 21:21:46 -------- d-----w- C:\Intel2008-03-20 02:36:52 -------- d-----w- C:\doctemp2008-03-20 02:34:49 -------- d-----w- C:\Drivers2008-03-20 02:34:49 -------- d-----w- C:\DELL2008-02-12 03:55:18 147456 ----a-w- c:\windows\system32\igfxCoIn_v1437.dll2008-02-12 03:34:48 29932 ----a-w- c:\windows\system32\igmedcompkrn.bin2008-02-12 03:34:48 2215364 ----a-w- c:\windows\system32\igklg400.bin2008-02-12 03:34:48 1971732 ----a-w- c:\windows\system32\igklg450.bin2007-04-19 19:15:58 172032 ----a-w- c:\windows\system32\Ncs2Setp.dll2007-04-18 00:44:32 564112 ----a-w- c:\windows\system32\ncs2dmix.dll2007-04-18 00:44:18 449416 ----a-w- c:\windows\system32\accesor.dll2007-04-13 22:17:52 1043304 ----a-w- c:\windows\system32\ncscolib.dll2007-04-12 01:00:46 99728 ----a-w- c:\windows\system32\drivers\iANSW60.sys2007-03-28 00:38:52 146288 ----a-w- c:\windows\system32\ncs2instutility.dll2007-03-14 17:47:20 228200 ----a-w- c:\windows\system32\PRONtObj.dll2007-03-10 01:04:42 31072 ----a-w- c:\windows\system32\drivers\iqvw32.sys2007-02-21 19:49:52 -------- d-----w- c:\windows\Users2007-01-06 17:43:53 -------- d-----w- c:\program files\Microsoft Security Client2007-01-06 17:40:52 -------- d-----w- C:\cd58917cc79bda3113aaa00c1aea2007-01-06 17:31:35 -------- d-----w- c:\program files\CCleaner.==================== Find3M ====================.2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-04-04 
22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll2012-07-26 03:26:03 2560 ----a-w- c:\windows\system32\drivers\en-us\wdf01000.sys.mui2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll2009-12-07 06:39:30 101888 ----a-w- c:\windows\system32\ifxcardm.dll2009-12-07 06:39:29 82432 ----a-w- c:\windows\system32\axaltocm.dll2009-11-28 15:09:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll2009-11-27 21:12:29 319456 ----a-w- 
c:\windows\DIFxAPI.dll2009-11-27 21:12:07 315392 ----a-w- c:\windows\HideWin.exe2009-11-03 21:46:54 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui2009-10-09 21:56:27 41472 ----a-w- c:\windows\system32\pwrshplugin.dll2009-10-09 21:56:18 1181696 ----a-w- c:\windows\system32\WsmSvc.dll2009-10-09 21:56:17 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll2009-10-09 21:56:04 241152 ----a-w- c:\windows\system32\winrscmd.dll2009-10-09 21:56:03 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe2009-10-09 21:56:01 145408 ----a-w- c:\windows\system32\WsmAuto.dll2009-10-09 21:55:59 79872 ----a-w- c:\windows\system32\wecutil.exe2009-10-09 21:55:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll2009-10-09 21:55:53 54272 ----a-w- c:\windows\system32\WsmRes.dll2009-10-09 21:55:52 146944 ----a-w- c:\windows\system32\wecsvc.dll2009-10-09 21:55:50 81408 ----a-w- c:\windows\system32\wevtfwd.dll2009-10-09 21:55:50 56320 ----a-w- c:\windows\system32\wecapi.dll2009-10-08 23:12:09 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui2009-10-01 01:08:10 3072 ----a-w- c:\windows\system32\drivers\umdf\en-us\wpdmtpdr.dll.mui2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll2009-08-01 06:27:37 201184 ----a-w- c:\windows\system32\winrm.vbs2009-04-11 06:33:19 986600 ----a-w- c:\windows\system32\winload.exe2009-04-11 06:33:19 926184 ----a-w- c:\windows\system32\winresume.exe2009-04-11 06:33:03 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys2009-04-11 06:33:02 614376 ----a-w- c:\windows\system32\ci.dll2009-04-11 06:28:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll2009-04-11 06:27:59 627200 ----a-w- 
c:\windows\system32\sethc.exe2009-04-11 06:24:00 4096 ----a-w- c:\windows\system32\drivers\en-us\hdaudbus.sys.mui2009-04-11 06:23:02 89088 ----a-w- c:\windows\system32\pintlgnt.ime2009-04-11 06:23:02 125952 ----a-w- c:\windows\system32\tintlgnt.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\quick.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\qintlgnt.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\phon.ime2009-04-11 06:22:59 413696 ----a-w- c:\windows\system32\imkr80.ime2009-04-11 06:22:57 883712 ----a-w- c:\windows\system32\IMJP10.IME2009-04-11 06:22:57 124928 ----a-w- c:\windows\system32\cintlgnt.ime2009-04-11 06:22:53 124928 ----a-w- c:\windows\system32\chajei.ime2009-04-11 06:22:48 8192 ----a-w- c:\windows\system32\drivers\en-us\bthport.sys.mui2009-04-11 06:22:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll2009-04-11 05:42:55 93696 ----a-w- c:\windows\system32\drivers\bridge.sys2009-04-11 04:46:40 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys2009-04-11 04:46:32 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys2009-04-11 04:46:30 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys2009-04-11 04:46:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys2009-04-11 04:45:56 72192 ----a-w- c:\windows\system32\drivers\tdx.sys2009-04-11 04:45:51 72192 ----a-w- c:\windows\system32\drivers\pacer.sys2009-04-11 04:45:37 185856 ----a-w- c:\windows\system32\drivers\netbt.sys2009-04-11 04:45:24 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys2009-04-11 04:45:22 66560 ----a-w- c:\windows\system32\drivers\smb.sys2009-04-11 04:43:28 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys2009-04-11 04:43:16 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys2009-04-11 04:42:57 226304 ----a-w- c:\windows\system32\drivers\usbport.sys2009-04-11 04:42:56 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys2009-04-11 04:42:56 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys2009-04-11 04:42:52 39936 ----a-w- 
c:\windows\system32\drivers\usbehci.sys2009-04-11 04:42:50 167936 ----a-w- c:\windows\system32\drivers\portcls.sys2009-04-11 04:42:48 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys2009-04-11 04:42:48 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys2009-04-11 04:42:47 52992 ----a-w- c:\windows\system32\drivers\stream.sys2009-04-11 04:42:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys2009-04-11 04:39:57 16384 ----a-w- c:\windows\system32\iscsilog.dll2009-04-11 04:39:17 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys2009-04-11 04:39:11 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys2009-04-11 04:38:49 149504 ----a-w- c:\windows\system32\drivers\ks.sys2009-04-11 04:38:40 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys2009-04-11 04:27:17 2560 ----a-w- c:\windows\system32\msimsg.dll2009-04-11 04:23:23 76288 ----a-w- c:\windows\system32\drivers\dxg.sys2009-04-11 04:22:46 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys.============= FINISH: 12:49:59.63 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3Install Date: 11/27/2009 12:46:33 PMSystem Uptime: 1/6/2007 12:24:59 PM (0 hours ago).Motherboard: Dell Inc. 
| | 0RY007
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 194.859 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.884 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GSA-H73N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Service: cdrom
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AVG 2012
Bing Bar
Bing Rewards Client Installer
CCleaner
Comcast Access
Comcast High-Speed Internet Install Wizard
CouponXplorer Toolbar
Dell Resource CD
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hardware Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Java Auto Updater
Java™ 6 Update 20
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Web Search
MyPC Backup
OLYMPUS Master 2
PCHealthBoost 2.3.0
Produtools Manuals 2.1 B2 Toolbar
QuickTime
RadioPI
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody MP3 Download Manager
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Supple -- Episode 1 (remove only)
TelevisionFanatic Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live ID Sign-in Assistant
Yahoo! Toolbar
.
==== End Of File ===========================
  13. Hello, I have a machine with browser redirects and other odd behavior. Search Protect/Conduit was discovered in the startup processes. Any help would be appreciated as always! Thank you for your time.

.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483
Run by esther at 12:48:32 on 2007-01-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.707 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\PROGRA~1\COUPON~2\bar\1.bin\5zbarsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebarsvc.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\RadioPI_4e\bar\1.bin\4ebrmon.exe
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\esther\AppData\Roaming\comsrvr.exe
C:\Users\esther\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\esther\Downloads\mseinstall.exe
c:\cd58917cc79bda3113aaa00c1aea\epplauncher.exe
c:\cd58917cc79bda3113aaa00c1aea\x86\Setup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - c:\program files\radiopi_4e\bar\1.bin\4eSrcAs.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: {cce665dd-f6dd-4808-968e-eaec971f70ef} - <orphaned>
uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - c:\program files\couponxplorer_5z\bar\1.bin\5zSrcAs.dll
uURLSearchHooks: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
mURLSearchHooks: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Toolbar BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - c:\program files\couponxplorer_5z\bar\1.bin\5zbar.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Toolbar BHO: {35fd2bab-ab2b-494f-b5bf-8755ec043784} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
BHO: Search Assistant BHO: {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - c:\program files\radiopi_4e\bar\1.bin\4eSrcAs.dll
BHO: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Search Assistant BHO: {7d69ed06-0171-4379-9528-08df51092727} - c:\program files\couponxplorer_5z\bar\1.bin\5zSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589D7CFF-0173-47A9-966A-9AFAE3E5C249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
TB: RadioPI: {92926B63-5116-4C6F-A33E-378767B8D15F} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
TB: RadioPI: {92926b63-5116-4c6f-a33e-378767b8d15f} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: CouponXplorer: {65c72339-fb1d-4155-84e1-9afacee02d6f} - c:\program files\couponxplorer_5z\bar\1.bin\5zbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [COMServer] "c:\users\esther\appdata\roaming\comsrvr.exe" a
uRun: [searchProtect] c:\users\esther\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_202_ActiveX.exe -update activex
uRunOnce: [Microsoft Security Client] c:\program files\microsoft security client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [RadioPI_4e Browser Plugin Loader] c:\progra~1\radiop~2\bar\1.bin\4ebrmon.exe
mRun: [TelevisionFanatic Search Scope Monitor] "c:\progra~1\televi~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
mRun: [TelevisionFanatic Browser Plugin Loader] c:\progra~1\televi~2\bar\1.bin\64brmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CouponXplorer Search Scope Monitor] "c:\progra~1\coupon~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
mRun: [CouponXplorer_5z Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\5zbrmon.exe
mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\esther\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - 
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRxdm429YYUS&si=&a=OVGF7SlKR44IwJObcAQ_fQ&n=2010050802TCP: NameServer = 74.5.116.246 205.244.194.36TCP: Interfaces\{045F92B2-8D4D-4A86-A046-02270758B5B8} : DHCPNameServer = 74.5.116.246 205.244.194.36Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dllNotify: igfxcui - igfxdev.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-31 32808]R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]R2 CouponXplorer_5zService;CouponXplorerService;c:\progra~1\coupon~2\bar\1.bin\5zbarsvc.exe [2012-8-20 42504]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-2 21504]R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe [2011-3-22 28762]R2 RadioPI_4eService;RadioPI Service;c:\progra~1\radiop~2\bar\1.bin\4ebarsvc.exe [2011-9-7 34864]R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2012-3-9 42504]R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2013-4-30 10112]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2013-06-06 16:35:35 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298c5cc9-7f68-4536-bc75-5756f13747d8}\offreg.dll2013-06-06 16:18:23 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298c5cc9-7f68-4536-bc75-5756f13747d8}\mpengine.dll2013-06-03 17:18:37 -------- d-----w- c:\program files\MyPC Backup2013-06-03 17:17:43 -------- d-----w- c:\program files\PC HealthBoost2013-06-03 17:17:07 -------- d-----w- c:\programdata\PCHealthBoost2013-05-19 19:42:06 -------- d-----w- c:\users\esther\appdata\roaming\supportdotcom2013-05-19 19:41:57 -------- d-----w- c:\program files\common files\supportdotcom2013-05-19 14:34:57 770384 ----a-w- c:\windows\system32\msvcr100.dll2013-05-19 14:34:57 421200 ----a-w- c:\windows\system32\msvcp100.dll2013-05-19 14:34:57 -------- d-----w- c:\program files\SearchProtect2013-05-19 14:34:56 -------- d-----w- c:\users\esther\appdata\roaming\SearchProtect2013-05-19 14:34:45 -------- d-----w- c:\program files\Produtools_Manuals_2.1_B22013-05-15 12:44:25 16948616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2013-05-15 07:09:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-05-15 00:01:02 638328 ----a-w- 
c:\windows\system32\drivers\dxgkrnl.sys2013-05-15 00:01:02 37376 ----a-w- c:\windows\system32\cdd.dll2013-05-15 00:00:55 2049024 ----a-w- c:\windows\system32\win32k.sys2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll2013-04-30 06:18:22 28032 ----a-w- c:\windows\system32\ssmirrdr.dll2013-04-30 06:18:22 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys2013-04-15 20:54:36 -------- d-----w- c:\users\esther\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12013-04-10 07:02:23 64000 ----a-w- c:\windows\system32\smss.exe2013-04-10 07:02:23 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-04-10 07:02:23 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe2013-04-10 07:02:22 49152 ----a-w- c:\windows\system32\csrsrv.dll2013-04-10 07:02:21 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 07:02:20 2067968 ----a-w- c:\windows\system32\mstscax.dll2013-04-10 07:02:19 376320 ----a-w- c:\windows\system32\winsrv.dll2013-03-20 10:40:59 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-13 11:13:10 -------- d-----w- c:\users\esther\appdata\local\ZeoBIT_LLC2013-03-13 11:11:09 -------- d-----w- c:\programdata\ZeoBIT2013-03-11 18:55:09 -------- d-----w- c:\users\esther\appdata\local\LogMeIn Rescue Applet2013-02-13 14:23:28 1314816 ----a-w- c:\windows\system32\quartz.dll2013-02-13 14:23:27 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-01-20 20:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-01-20 20:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2013-01-09 13:42:19 204288 ----a-w- c:\windows\system32\ncrypt.dll2013-01-09 13:42:03 1400832 ----a-w- c:\windows\system32\msxml6.dll2013-01-05 17:04:37 22016 ----a-w- c:\users\esther\wgsdgsdgdsgsd.exe2013-01-05 17:04:37 14848 ----a-w- c:\users\esther\appdata\roaming\comsrvr.exe2012-12-22 08:00:33 34304 ----a-w- c:\windows\system32\atmlib.dll2012-12-22 08:00:33 293376 ----a-w- 
c:\windows\system32\atmfd.dll2012-12-13 08:04:12 9728 ----a-w- c:\windows\system32\Wdfres.dll2012-12-13 08:03:59 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2012-12-13 08:03:59 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2012-12-13 08:03:58 73216 ----a-w- c:\windows\system32\WUDFSvc.dll2012-12-13 08:03:58 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll2012-12-13 08:03:58 16896 ----a-w- c:\windows\system32\winusb.dll2012-12-13 08:03:57 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys2012-12-13 08:03:57 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2012-12-13 08:03:56 613888 ----a-w- c:\windows\system32\WUDFx.dll2012-12-13 08:03:56 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2012-12-13 08:03:56 196608 ----a-w- c:\windows\system32\WUDFHost.exe2012-12-12 14:03:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-12 14:03:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-12 09:41:09 376320 ----a-w- c:\windows\system32\dpnet.dll2012-12-12 09:41:09 23040 ----a-w- c:\windows\system32\dpnsvr.exe2012-12-12 09:41:07 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys2012-12-12 09:41:04 2048 ----a-w- c:\windows\system32\tzres.dll2012-11-14 04:08:01 75776 ----a-w- c:\windows\system32\synceng.dll2012-10-10 10:31:30 985088 ----a-w- c:\windows\system32\crypt32.dll2012-10-10 10:31:30 98304 ----a-w- c:\windows\system32\cryptnet.dll2012-10-10 10:31:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll2012-10-10 10:31:27 172544 ----a-w- c:\windows\system32\wintrust.dll2012-08-20 15:50:56 -------- d-----w- c:\program files\CouponXplorer_5z2012-08-15 07:26:22 623616 ----a-w- c:\windows\system32\localspl.dll2012-07-10 20:15:06 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll2012-07-10 20:15:04 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-07-10 20:14:25 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-07-10 20:14:24 278528 ----a-w- c:\windows\system32\schannel.dll2012-07-01 
13:16:14 -------- d-----w- c:\users\esther\appdata\local\Facebook2012-06-22 04:04:20 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-22 04:03:46 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-22 04:03:08 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-22 04:03:08 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-17 17:08:47 -------- d-----w- c:\program files\Conduit2012-06-17 17:08:12 -------- d-----w- c:\program files\WhiteSmokeTranslator2012-06-17 17:07:05 -------- d-----w- c:\users\esther\appdata\local\Conduit2012-06-17 17:06:39 -------- d-----w- c:\program files\BasicScan2012-06-17 01:31:50 -------- d-----w- c:\users\esther\appdata\roaming\SpeedMaxPc2012-06-17 01:31:50 -------- d-----w- c:\users\esther\appdata\roaming\DriverCure2012-06-17 01:31:36 -------- d-----w- c:\programdata\SpeedMaxPc2012-06-16 15:34:41 -------- d-----w- c:\users\esther\appdata\local\AVG Secure Search2012-06-16 15:33:16 -------- d-----w- c:\programdata\AVG Secure Search2012-06-16 15:33:05 -------- d-----w- c:\program files\common files\AVG Secure Search2012-06-16 15:33:04 -------- d-----w- c:\program files\AVG Secure Search2012-06-16 15:29:34 -------- d--h--w- C:\$AVG2012-06-16 15:29:34 -------- d-----w- c:\programdata\AVG20122012-06-16 15:27:03 -------- d-----w- c:\program files\AVG2012-06-13 06:46:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-05-10 23:29:09 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys2012-05-10 23:29:07 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll2012-05-10 23:29:07 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll2012-05-10 23:29:07 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll2012-05-10 23:29:07 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe2012-05-10 23:29:07 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll2012-05-10 23:29:07 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL2012-05-10 23:29:04 683008 
----a-w- c:\windows\system32\d2d1.dll2012-05-10 23:29:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll2012-05-10 23:29:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll2012-05-10 23:29:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll2012-05-10 23:29:04 1069056 ----a-w- c:\windows\system32\DWrite.dll2012-04-13 07:08:03 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-13 07:08:03 157696 ----a-w- c:\windows\system32\imagehlp.dll2012-04-13 07:08:03 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-12 14:45:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat2012-03-13 21:38:17 613376 ----a-w- c:\windows\system32\rdpencom.dll2012-03-09 14:33:27 -------- d-----w- c:\program files\TelevisionFanatic2012-02-16 18:45:11 680448 ----a-w- c:\windows\system32\msvcrt.dll2012-02-01 15:34:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll2012-02-01 15:34:56 377344 ----a-w- c:\windows\system32\winhttp.dll2012-02-01 15:34:55 9728 ----a-w- c:\windows\system32\lsass.exe2012-02-01 15:34:55 72704 ----a-w- c:\windows\system32\secur32.dll2012-01-11 10:40:25 23552 ----a-w- c:\windows\system32\mciseq.dll2012-01-11 10:40:25 189952 ----a-w- c:\windows\system32\winmm.dll2012-01-11 10:40:24 1205064 ----a-w- c:\windows\system32\ntdll.dll2012-01-11 10:40:23 66560 ----a-w- c:\windows\system32\packager.dll2012-01-11 10:39:52 497152 ----a-w- c:\windows\system32\qdvd.dll2011-12-29 20:51:44 107368 ----a-r- c:\windows\system32\GEARAspi.dll2011-12-29 20:43:23 -------- d--h--w- c:\programdata\Common Files2011-12-29 20:40:34 -------- d-----w- c:\programdata\MFAData2011-12-19 19:32:25 429056 ----a-w- c:\windows\system32\EncDec.dll2011-12-01 19:05:11 -------- d-----w- c:\users\esther\appdata\local\CrashDumps2011-11-13 22:32:15 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS2011-11-13 22:08:48 -------- d-----w- C:\Netgear2011-11-09 21:22:32 707584 ----a-w- c:\program files\common files\system\wab32.dll2011-10-26 03:53:05 6144 ----a-w- c:\program files\internet 
explorer\iecompat.dll2011-10-12 19:00:38 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-12 19:00:38 57856 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-12 19:00:38 293376 ----a-w- c:\windows\system32\psisdecd.dll2011-10-12 19:00:38 217088 ----a-w- c:\windows\system32\psisrndr.ax2011-10-12 19:00:09 563712 ----a-w- c:\windows\system32\oleaut32.dll2011-10-12 19:00:09 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-12 19:00:09 238080 ----a-w- c:\windows\system32\oleacc.dll2011-10-12 19:00:08 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-07 13:34:55 -------- d-----w- c:\program files\RadioPI_4e2011-09-07 13:34:42 -------- d-----w- c:\program files\RadioPI_4eEI2011-08-24 19:12:01 749832 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll2011-08-10 17:00:17 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys2011-06-16 05:35:02 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys2011-06-16 05:34:41 273408 ----a-w- c:\windows\system32\drivers\afd.sys2011-06-16 05:34:37 146432 ----a-w- c:\windows\system32\drivers\srv2.sys2011-06-16 05:34:37 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys2011-06-16 05:34:05 739328 ----a-w- c:\windows\system32\inetcomm.dll2011-06-16 05:34:03 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys2011-06-16 05:34:03 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-05-31 17:02:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll2011-05-31 17:02:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll2011-05-31 17:02:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll2011-04-19 09:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll2011-04-15 05:35:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys2011-04-15 05:35:49 1162240 ----a-w- c:\windows\system32\mfc42u.dll2011-04-15 05:35:48 1136640 ----a-w- c:\windows\system32\mfc42.dll2011-04-15 05:35:46 305152 ----a-w- c:\windows\system32\drivers\srv.sys2011-04-15 
05:35:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll2011-04-15 05:35:44 25088 ----a-w- c:\windows\system32\dnscacheugc.exe2011-03-23 07:41:30 797696 ----a-w- c:\windows\system32\FntCache.dll2011-03-23 07:41:30 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-03-19 14:26:04 -------- d-----w- c:\users\esther\appdata\local\Real2011-03-19 14:24:48 -------- d-----w- c:\program files\common files\xing shared2011-03-19 14:24:31 499712 ----a-w- c:\windows\system32\msvcp71.dll2011-03-19 14:24:31 348160 ----a-w- c:\windows\system32\msvcr71.dll2011-03-09 20:13:13 322560 ----a-w- c:\windows\system32\sbe.dll2011-03-09 20:13:12 177664 ----a-w- c:\windows\system32\mpg2splt.ax2011-03-09 20:13:12 153088 ----a-w- c:\windows\system32\sbeio.dll2011-03-09 20:13:10 677888 ----a-w- c:\windows\system32\mstsc.exe2011-02-24 08:01:17 2048 ----a-w- c:\windows\system32\winrsmgr.dll2011-02-24 08:01:04 40448 ----a-w- c:\windows\system32\winrs.exe2011-02-24 08:01:04 20480 ----a-w- c:\windows\system32\winrshost.exe2011-02-24 08:01:04 12800 ----a-w- c:\windows\system32\wsmprovhost.exe2011-02-24 08:01:00 10240 ----a-w- c:\windows\system32\wsmplpxy.dll2011-02-24 08:01:00 10240 ----a-w- c:\windows\system32\winrssrv.dll2011-02-09 20:53:20 979456 ----a-w- c:\windows\system32\MFH264Dec.dll2011-01-17 19:42:00 413696 ----a-w- c:\windows\system32\odbc32.dll2011-01-17 19:41:59 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll2011-01-17 19:41:59 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll2011-01-17 19:41:59 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll2011-01-17 19:41:59 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll2011-01-17 19:41:33 1169408 ----a-w- c:\windows\system32\sdclt.exe2010-12-15 10:06:04 66048 ----a-w- c:\program files\windows mail\wabmig.exe2010-12-15 10:06:04 515584 ----a-w- c:\program files\windows mail\wab.exe2010-12-15 10:06:04 33280 ----a-w- c:\program files\windows 
mail\wabfind.dll2010-12-15 10:06:01 601600 ----a-w- c:\windows\system32\schedsvc.dll2010-12-15 10:06:01 352768 ----a-w- c:\windows\system32\taskschd.dll2010-12-15 10:06:01 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll2010-12-15 10:06:01 270336 ----a-w- c:\windows\system32\taskcomp.dll2010-12-15 10:06:01 171520 ----a-w- c:\windows\system32\taskeng.exe2010-12-15 10:05:59 81920 ----a-w- c:\windows\system32\consent.exe2010-12-15 10:05:58 72704 ----a-w- c:\windows\system32\fontsub.dll2010-10-26 18:03:00 1696256 ----a-w- c:\windows\system32\gameux.dll2010-10-13 04:15:58 168960 ----a-w- c:\program files\windows media player\wmplayer.exe2010-10-13 04:15:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL2010-10-13 04:15:12 125952 ----a-w- c:\windows\system32\srvsvc.dll2010-10-13 04:15:10 17920 ----a-w- c:\windows\system32\netevent.dll2010-10-13 04:14:41 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe2010-10-13 04:14:41 1316864 ----a-w- c:\windows\system32\ole32.dll2010-10-13 04:14:36 157184 ----a-w- c:\windows\system32\t2embed.dll2010-10-13 04:14:14 954752 ----a-w- c:\windows\system32\mfc40.dll2010-10-13 04:14:14 954288 ----a-w- c:\windows\system32\mfc40u.dll2010-10-13 04:14:06 231424 ----a-w- c:\windows\system32\msshsq.dll2010-10-13 04:14:02 867328 ----a-w- c:\windows\system32\wmpmde.dll2010-10-13 04:13:57 531968 ----a-w- c:\windows\system32\comctl32.dll2010-09-15 06:18:28 502272 ----a-w- c:\windows\system32\usp10.dll2010-09-15 06:18:27 128000 ----a-w- c:\windows\system32\spoolsv.exe2010-09-15 06:18:25 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL2010-08-11 18:27:44 81920 ----a-w- c:\windows\system32\iccvid.dll2010-08-11 18:27:37 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll2010-08-11 18:27:35 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe2010-08-11 18:27:27 36864 ----a-w- c:\windows\system32\rtutils.dll2010-08-03 20:08:03 -------- d-----w- c:\program files\Driver-Soft2010-07-13 12:52:01 -------- d-----w- 
C:\temp2010-07-13 12:51:56 86016 ----a-w- c:\windows\unvise32qt.exe2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2010-07-13 12:51:46 -------- d-----w- c:\windows\system32\QuickTime2010-07-13 12:51:05 -------- d-----w- c:\windows\system32\BWKDLogs2010-07-13 12:49:59 -------- d-----w- c:\program files\Kodak2010-07-13 12:49:59 -------- d-----w- c:\program files\common files\MSSoap2010-07-13 12:48:44 -------- d-----w- c:\programdata\Kodak2010-06-25 08:34:09 -------- d-----w- c:\program files\ComcastAccess2010-06-25 08:32:50 -------- d-----w- c:\users\esther\appdata\roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.12010-06-25 08:23:14 -------- d-----w- c:\programdata\com.comcast.access2010-06-25 08:23:13 -------- d-----w- c:\users\esther\appdata\local\ComcastAccess2010-06-23 07:00:22 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll2010-06-23 07:00:21 49472 ----a-w- c:\windows\system32\netfxperf.dll2010-06-23 07:00:21 297808 ----a-w- c:\windows\system32\mscoree.dll2010-06-23 07:00:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe2010-06-23 07:00:20 1130824 ----a-w- c:\windows\system32\dfshim.dll2010-06-18 08:02:09 -------- d-----w- c:\program files\support.com2010-06-18 08:02:08 -------- d-----w- c:\users\esther\appdata\local\SupportSoft2010-06-18 08:02:02 -------- d-----w- c:\program files\common files\SupportSoft2010-06-10 17:26:57 67072 ----a-w- c:\windows\system32\asycfilt.dll2010-06-01 22:19:02 -------- d-----w- c:\program files\Microsoft2010-06-01 22:18:51 -------- d-----w- c:\program files\MSN Toolbar2010-06-01 
22:16:33 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-05-25 13:00:46 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll2010-05-25 13:00:22 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll2010-05-18 16:23:28 -------- d-----w- c:\users\esther\appdata\local\OLYMPUS2010-05-18 16:22:27 -------- d-----w- c:\program files\OLYMPUS2010-05-18 16:21:19 -------- d-----w- c:\program files\MSXML 4.02010-05-12 07:15:56 1616384 ----a-w- c:\program files\windows mail\msoe.dll2010-05-08 06:23:15 32768 ----a-w- c:\windows\system32\f3PSSavr.scr2010-05-08 06:23:14 -------- d-----w- c:\program files\MyWebSearch2010-05-08 06:22:50 -------- d-----w- c:\program files\FunWebProducts2010-05-05 12:32:52 -------- d-----w- c:\program files\Yahoo!2010-04-14 08:37:47 62464 ----a-w- c:\windows\system32\l3codeca.acm2010-04-14 08:37:47 220672 ----a-w- c:\windows\system32\l3codecp.acm2010-04-14 08:36:42 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys2010-04-14 08:36:42 200704 ----a-w- c:\windows\system32\iphlpsvc.dll2010-04-14 08:36:26 98304 ----a-w- c:\windows\system32\cabview.dll2010-04-06 20:23:46 -------- d-----w- c:\programdata\Trymedia2010-04-06 20:23:30 -------- d-----w- c:\program files\Supple -- Episode 12010-03-18 17:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll2010-03-10 08:01:00 24064 ----a-w- c:\windows\system32\nshhttp.dll2010-03-10 08:00:46 411648 ----a-w- c:\windows\system32\drivers\http.sys2010-03-10 08:00:45 30720 ----a-w- c:\windows\system32\httpapi.dll2010-02-27 11:50:12 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe2010-02-27 11:50:12 471552 ----a-w- c:\windows\system32\secproc_isv.dll2010-02-27 11:50:12 471552 ----a-w- c:\windows\system32\secproc.dll2010-02-27 11:50:11 518144 ----a-w- c:\windows\system32\RMActivate.exe2010-02-27 11:50:11 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe2010-02-27 11:50:11 346624 ----a-w- 
c:\windows\system32\RMActivate_ssp_isv.exe2010-02-27 11:50:11 332288 ----a-w- c:\windows\system32\msdrm.dll2010-02-27 11:50:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll2010-02-27 11:50:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll2010-02-18 22:51:23 499712 ----a-w- c:\windows\system32\kerberos.dll2010-02-09 21:43:50 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2010-02-09 21:43:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll2010-02-09 21:43:41 31744 ----a-w- c:\windows\system32\msvidc32.dll2010-02-09 21:43:41 22528 ----a-w- c:\windows\system32\msyuv.dll2010-02-09 21:43:41 13312 ----a-w- c:\windows\system32\msrle32.dll2010-02-09 21:43:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll2010-02-09 21:43:40 91136 ----a-w- c:\windows\system32\avifil32.dll2010-02-09 21:43:40 82944 ----a-w- c:\windows\system32\mciavi32.dll2010-02-09 21:43:40 123904 ----a-w- c:\windows\system32\msvfw32.dll2010-01-28 18:04:58 -------- d-----w- c:\programdata\McAfee Security Scan2010-01-28 18:04:50 -------- d-----w- c:\program files\McAfee Security Scan2010-01-28 18:04:43 -------- d-----w- c:\users\esther\appdata\local\Adobe2010-01-02 21:05:37 -------- d-----w- c:\windows\system32\N360_BACKUP2010-01-01 15:16:08 -------- d-----w- c:\users\esther\appdata\local\Symantec2009-12-21 11:21:56 -------- d-----w- c:\program files\Windows Portable Devices2009-12-21 11:06:08 92672 ----a-w- c:\windows\system32\UIAnimation.dll2009-12-21 11:06:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2009-12-21 11:06:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2009-12-21 11:05:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll2009-12-21 11:05:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll2009-12-21 11:05:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll2009-12-21 11:05:23 252928 ----a-w- c:\windows\system32\dxdiag.exe2009-12-21 11:05:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll2009-12-21 11:05:23 189440 ----a-w- 
c:\windows\system32\WindowsCodecsExt.dll2009-12-21 11:05:22 519680 ----a-w- c:\windows\system32\d3d11.dll2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\vi-VN2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\eu-ES2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\ca-ES2009-12-15 14:37:52 -------- d-----w- c:\windows\system32\EventProviders2009-12-14 01:11:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll2009-12-14 01:11:04 3408896 ----a-w- c:\windows\system32\SLsvc.exe2009-12-14 01:11:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll2009-12-14 01:11:02 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe2009-12-14 01:11:02 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll2009-12-14 01:11:01 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll2009-12-14 01:11:00 1480704 ----a-w- c:\windows\system32\mssrch.dll2009-12-14 01:09:59 83456 ----a-w- c:\windows\system32\wlgpclnt.dll2009-12-10 11:05:47 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin2009-12-09 12:31:59 243712 ----a-w- c:\windows\system32\rastls.dll2009-12-07 11:13:13 -------- d-----w- C:\PerfLogs2009-12-04 02:26:37 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll2009-12-04 02:26:34 355832 ----a-w- c:\program files\internet explorer\pdm.dll2009-12-02 14:36:06 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll2009-12-02 14:34:59 90680 ----a-w- c:\program files\windows defender\MpOAV.dll2009-12-02 14:33:59 5261312 ----a-w- c:\program files\common files\microsoft shared\ink\mshwita.dll2009-12-02 14:32:59 8704 ----a-w- c:\windows\system32\msidle.dll2009-12-02 14:31:51 35328 ----a-w- c:\windows\system32\mspatcha.dll2009-12-02 14:31:51 305152 ----a-w- c:\windows\system32\msdelta.dll2009-12-02 14:31:51 258560 ----a-w- c:\windows\system32\dpx.dll2009-12-02 11:11:21 -------- d-----w- c:\programdata\Symantec2009-12-01 22:25:59 -------- d-----w- c:\programdata\Norton2009-12-01 
c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42:52 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42:50 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42:48 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42:48 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42:47 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42:42 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39:57 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39:17 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39:11 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38:49 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38:40 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27:17 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23:23 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:22:46 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
.
============= FINISH: 12:49:59.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/27/2009 12:46:33 PM
System Uptime: 1/6/2007 12:24:59 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 194.859 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.884 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GSA-H73N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Service: cdrom
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AVG 2012
Bing Bar
Bing Rewards Client Installer
CCleaner
Comcast Access
Comcast High-Speed Internet Install Wizard
CouponXplorer Toolbar
Dell Resource CD
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hardware Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Java Auto Updater
Java 6 Update 20
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Web Search
MyPC Backup
OLYMPUS Master 2
PCHealthBoost 2.3.0
Produtools Manuals 2.1 B2 Toolbar
QuickTime
RadioPI
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody MP3 Download Manager
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Supple -- Episode 1 (remove only)
TelevisionFanatic Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live ID Sign-in Assistant
Yahoo! Toolbar
.
==== End Of File ===========================
  14. Hello, I have a computer here with browser redirects and all sorts of funny behavior. Search Protect/Conduit was found in the startup processes among many other odd things. Any help you can provide will be greatly appreciated. Your work is always appreciated! Thank you for your time.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483
Run by esther at 12:48:32 on 2007-01-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.707 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\PROGRA~1\COUPON~2\bar\1.bin\5zbarsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebarsvc.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\RadioPI_4e\bar\1.bin\4ebrmon.exe
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\esther\AppData\Roaming\comsrvr.exe
C:\Users\esther\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\esther\Downloads\mseinstall.exe
c:\cd58917cc79bda3113aaa00c1aea\epplauncher.exe
c:\cd58917cc79bda3113aaa00c1aea\x86\Setup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uProxyOverride = localhost
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - c:\program files\radiopi_4e\bar\1.bin\4eSrcAs.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: {cce665dd-f6dd-4808-968e-eaec971f70ef} - <orphaned>
uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - c:\program files\couponxplorer_5z\bar\1.bin\5zSrcAs.dll
uURLSearchHooks: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
mURLSearchHooks: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Toolbar BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - c:\program files\couponxplorer_5z\bar\1.bin\5zbar.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Toolbar BHO: {35fd2bab-ab2b-494f-b5bf-8755ec043784} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
BHO: Search Assistant BHO: {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - c:\program files\radiopi_4e\bar\1.bin\4eSrcAs.dll
BHO: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Search Assistant BHO: {7d69ed06-0171-4379-9528-08df51092727} - c:\program files\couponxplorer_5z\bar\1.bin\5zSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589D7CFF-0173-47A9-966A-9AFAE3E5C249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
TB: RadioPI: {92926B63-5116-4C6F-A33E-378767B8D15F} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL
TB: RadioPI: {92926b63-5116-4c6f-a33e-378767b8d15f} - c:\program files\radiopi_4e\bar\1.bin\4ebar.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: CouponXplorer: {65c72339-fb1d-4155-84e1-9afacee02d6f} - c:\program files\couponxplorer_5z\bar\1.bin\5zbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbProd.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [COMServer] "c:\users\esther\appdata\roaming\comsrvr.exe" a
uRun: [searchProtect] c:\users\esther\appdata\roaming\searchprotect\bin\cltmng.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_202_ActiveX.exe -update activex
uRunOnce: [Microsoft Security Client] c:\program files\microsoft security client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [RadioPI_4e Browser Plugin Loader] c:\progra~1\radiop~2\bar\1.bin\4ebrmon.exe
mRun: [TelevisionFanatic Search Scope Monitor] "c:\progra~1\televi~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
mRun: [TelevisionFanatic Browser Plugin Loader] c:\progra~1\televi~2\bar\1.bin\64brmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CouponXplorer Search Scope Monitor] "c:\progra~1\coupon~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
mRun: [CouponXplorer_5z Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\5zbrmon.exe
mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\esther\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRxdm429YYUS&si=&a=OVGF7SlKR44IwJObcAQ_fQ&n=2010050802
TCP: NameServer = 74.5.116.246 205.244.194.36
TCP: Interfaces\{045F92B2-8D4D-4A86-A046-02270758B5B8} : DHCPNameServer = 74.5.116.246 205.244.194.36
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-5-31 32808]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 CouponXplorer_5zService;CouponXplorerService;c:\progra~1\coupon~2\bar\1.bin\5zbarsvc.exe [2012-8-20 42504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-12-2 21504]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\3.bin\mwssvc.exe [2011-3-22 28762]
R2 RadioPI_4eService;RadioPI Service;c:\progra~1\radiop~2\bar\1.bin\4ebarsvc.exe [2011-9-7 34864]
R2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2012-3-9 42504]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2013-4-30 10112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-06 16:35:35 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298c5cc9-7f68-4536-bc75-5756f13747d8}\offreg.dll
2013-06-06 16:18:23 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{298c5cc9-7f68-4536-bc75-5756f13747d8}\mpengine.dll
2013-06-03 17:18:37 -------- d-----w- c:\program files\MyPC Backup
2013-06-03 17:17:43 -------- d-----w- c:\program files\PC HealthBoost
2013-06-03 17:17:07 -------- d-----w- c:\programdata\PCHealthBoost
2013-05-19 19:42:06 -------- d-----w- c:\users\esther\appdata\roaming\supportdotcom
2013-05-19 19:41:57 -------- d-----w- c:\program files\common files\supportdotcom
2013-05-19 14:34:57 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-19 14:34:57 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-19 14:34:57 -------- d-----w- c:\program files\SearchProtect
2013-05-19 14:34:56 -------- d-----w- c:\users\esther\appdata\roaming\SearchProtect
2013-05-19 14:34:45 -------- d-----w- c:\program files\Produtools_Manuals_2.1_B2
2013-05-15 12:44:25 16948616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-15 07:09:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 00:01:02 638328 ----a-w-
explorer\iecompat.dll2011-10-12 19:00:38 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax2011-10-12 19:00:38 57856 ----a-w- c:\windows\system32\MSDvbNP.ax2011-10-12 19:00:38 293376 ----a-w- c:\windows\system32\psisdecd.dll2011-10-12 19:00:38 217088 ----a-w- c:\windows\system32\psisrndr.ax2011-10-12 19:00:09 563712 ----a-w- c:\windows\system32\oleaut32.dll2011-10-12 19:00:09 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll2011-10-12 19:00:09 238080 ----a-w- c:\windows\system32\oleacc.dll2011-10-12 19:00:08 4096 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-07 13:34:55 -------- d-----w- c:\program files\RadioPI_4e2011-09-07 13:34:42 -------- d-----w- c:\program files\RadioPI_4eEI2011-08-24 19:12:01 749832 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll2011-08-10 17:00:17 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys2011-06-16 05:35:02 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys2011-06-16 05:34:41 273408 ----a-w- c:\windows\system32\drivers\afd.sys2011-06-16 05:34:37 146432 ----a-w- c:\windows\system32\drivers\srv2.sys2011-06-16 05:34:37 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys2011-06-16 05:34:05 739328 ----a-w- c:\windows\system32\inetcomm.dll2011-06-16 05:34:03 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys2011-06-16 05:34:03 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-05-31 17:02:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll2011-05-31 17:02:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll2011-05-31 17:02:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll2011-04-19 09:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll2011-04-15 05:35:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys2011-04-15 05:35:49 1162240 ----a-w- c:\windows\system32\mfc42u.dll2011-04-15 05:35:48 1136640 ----a-w- c:\windows\system32\mfc42.dll2011-04-15 05:35:46 305152 ----a-w- c:\windows\system32\drivers\srv.sys2011-04-15 
05:35:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll2011-04-15 05:35:44 25088 ----a-w- c:\windows\system32\dnscacheugc.exe2011-03-23 07:41:30 797696 ----a-w- c:\windows\system32\FntCache.dll2011-03-23 07:41:30 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll2011-03-19 14:26:04 -------- d-----w- c:\users\esther\appdata\local\Real2011-03-19 14:24:48 -------- d-----w- c:\program files\common files\xing shared2011-03-19 14:24:31 499712 ----a-w- c:\windows\system32\msvcp71.dll2011-03-19 14:24:31 348160 ----a-w- c:\windows\system32\msvcr71.dll2011-03-09 20:13:13 322560 ----a-w- c:\windows\system32\sbe.dll2011-03-09 20:13:12 177664 ----a-w- c:\windows\system32\mpg2splt.ax2011-03-09 20:13:12 153088 ----a-w- c:\windows\system32\sbeio.dll2011-03-09 20:13:10 677888 ----a-w- c:\windows\system32\mstsc.exe2011-02-24 08:01:17 2048 ----a-w- c:\windows\system32\winrsmgr.dll2011-02-24 08:01:04 40448 ----a-w- c:\windows\system32\winrs.exe2011-02-24 08:01:04 20480 ----a-w- c:\windows\system32\winrshost.exe2011-02-24 08:01:04 12800 ----a-w- c:\windows\system32\wsmprovhost.exe2011-02-24 08:01:00 10240 ----a-w- c:\windows\system32\wsmplpxy.dll2011-02-24 08:01:00 10240 ----a-w- c:\windows\system32\winrssrv.dll2011-02-09 20:53:20 979456 ----a-w- c:\windows\system32\MFH264Dec.dll2011-01-17 19:42:00 413696 ----a-w- c:\windows\system32\odbc32.dll2011-01-17 19:41:59 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll2011-01-17 19:41:59 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll2011-01-17 19:41:59 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll2011-01-17 19:41:59 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll2011-01-17 19:41:33 1169408 ----a-w- c:\windows\system32\sdclt.exe2010-12-15 10:06:04 66048 ----a-w- c:\program files\windows mail\wabmig.exe2010-12-15 10:06:04 515584 ----a-w- c:\program files\windows mail\wab.exe2010-12-15 10:06:04 33280 ----a-w- c:\program files\windows 
mail\wabfind.dll2010-12-15 10:06:01 601600 ----a-w- c:\windows\system32\schedsvc.dll2010-12-15 10:06:01 352768 ----a-w- c:\windows\system32\taskschd.dll2010-12-15 10:06:01 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll2010-12-15 10:06:01 270336 ----a-w- c:\windows\system32\taskcomp.dll2010-12-15 10:06:01 171520 ----a-w- c:\windows\system32\taskeng.exe2010-12-15 10:05:59 81920 ----a-w- c:\windows\system32\consent.exe2010-12-15 10:05:58 72704 ----a-w- c:\windows\system32\fontsub.dll2010-10-26 18:03:00 1696256 ----a-w- c:\windows\system32\gameux.dll2010-10-13 04:15:58 168960 ----a-w- c:\program files\windows media player\wmplayer.exe2010-10-13 04:15:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL2010-10-13 04:15:12 125952 ----a-w- c:\windows\system32\srvsvc.dll2010-10-13 04:15:10 17920 ----a-w- c:\windows\system32\netevent.dll2010-10-13 04:14:41 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe2010-10-13 04:14:41 1316864 ----a-w- c:\windows\system32\ole32.dll2010-10-13 04:14:36 157184 ----a-w- c:\windows\system32\t2embed.dll2010-10-13 04:14:14 954752 ----a-w- c:\windows\system32\mfc40.dll2010-10-13 04:14:14 954288 ----a-w- c:\windows\system32\mfc40u.dll2010-10-13 04:14:06 231424 ----a-w- c:\windows\system32\msshsq.dll2010-10-13 04:14:02 867328 ----a-w- c:\windows\system32\wmpmde.dll2010-10-13 04:13:57 531968 ----a-w- c:\windows\system32\comctl32.dll2010-09-15 06:18:28 502272 ----a-w- c:\windows\system32\usp10.dll2010-09-15 06:18:27 128000 ----a-w- c:\windows\system32\spoolsv.exe2010-09-15 06:18:25 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL2010-08-11 18:27:44 81920 ----a-w- c:\windows\system32\iccvid.dll2010-08-11 18:27:37 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll2010-08-11 18:27:35 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe2010-08-11 18:27:27 36864 ----a-w- c:\windows\system32\rtutils.dll2010-08-03 20:08:03 -------- d-----w- c:\program files\Driver-Soft2010-07-13 12:52:01 -------- d-----w- 
C:\temp2010-07-13 12:51:56 86016 ----a-w- c:\windows\unvise32qt.exe2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2010-07-13 12:51:54 90112 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2010-07-13 12:51:46 -------- d-----w- c:\windows\system32\QuickTime2010-07-13 12:51:05 -------- d-----w- c:\windows\system32\BWKDLogs2010-07-13 12:49:59 -------- d-----w- c:\program files\Kodak2010-07-13 12:49:59 -------- d-----w- c:\program files\common files\MSSoap2010-07-13 12:48:44 -------- d-----w- c:\programdata\Kodak2010-06-25 08:34:09 -------- d-----w- c:\program files\ComcastAccess2010-06-25 08:32:50 -------- d-----w- c:\users\esther\appdata\roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.12010-06-25 08:23:14 -------- d-----w- c:\programdata\com.comcast.access2010-06-25 08:23:13 -------- d-----w- c:\users\esther\appdata\local\ComcastAccess2010-06-23 07:00:22 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll2010-06-23 07:00:21 49472 ----a-w- c:\windows\system32\netfxperf.dll2010-06-23 07:00:21 297808 ----a-w- c:\windows\system32\mscoree.dll2010-06-23 07:00:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe2010-06-23 07:00:20 1130824 ----a-w- c:\windows\system32\dfshim.dll2010-06-18 08:02:09 -------- d-----w- c:\program files\support.com2010-06-18 08:02:08 -------- d-----w- c:\users\esther\appdata\local\SupportSoft2010-06-18 08:02:02 -------- d-----w- c:\program files\common files\SupportSoft2010-06-10 17:26:57 67072 ----a-w- c:\windows\system32\asycfilt.dll2010-06-01 22:19:02 -------- d-----w- c:\program files\Microsoft2010-06-01 22:18:51 -------- d-----w- c:\program files\MSN Toolbar2010-06-01 
22:16:33 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-05-25 13:00:46 652296 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll2010-05-25 13:00:22 416128 ----a-w- c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll2010-05-18 16:23:28 -------- d-----w- c:\users\esther\appdata\local\OLYMPUS2010-05-18 16:22:27 -------- d-----w- c:\program files\OLYMPUS2010-05-18 16:21:19 -------- d-----w- c:\program files\MSXML 4.02010-05-12 07:15:56 1616384 ----a-w- c:\program files\windows mail\msoe.dll2010-05-08 06:23:15 32768 ----a-w- c:\windows\system32\f3PSSavr.scr2010-05-08 06:23:14 -------- d-----w- c:\program files\MyWebSearch2010-05-08 06:22:50 -------- d-----w- c:\program files\FunWebProducts2010-05-05 12:32:52 -------- d-----w- c:\program files\Yahoo!2010-04-14 08:37:47 62464 ----a-w- c:\windows\system32\l3codeca.acm2010-04-14 08:37:47 220672 ----a-w- c:\windows\system32\l3codecp.acm2010-04-14 08:36:42 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys2010-04-14 08:36:42 200704 ----a-w- c:\windows\system32\iphlpsvc.dll2010-04-14 08:36:26 98304 ----a-w- c:\windows\system32\cabview.dll2010-04-06 20:23:46 -------- d-----w- c:\programdata\Trymedia2010-04-06 20:23:30 -------- d-----w- c:\program files\Supple -- Episode 12010-03-18 17:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll2010-03-10 08:01:00 24064 ----a-w- c:\windows\system32\nshhttp.dll2010-03-10 08:00:46 411648 ----a-w- c:\windows\system32\drivers\http.sys2010-03-10 08:00:45 30720 ----a-w- c:\windows\system32\httpapi.dll2010-02-27 11:50:12 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe2010-02-27 11:50:12 471552 ----a-w- c:\windows\system32\secproc_isv.dll2010-02-27 11:50:12 471552 ----a-w- c:\windows\system32\secproc.dll2010-02-27 11:50:11 518144 ----a-w- c:\windows\system32\RMActivate.exe2010-02-27 11:50:11 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe2010-02-27 11:50:11 346624 ----a-w- 
c:\windows\system32\RMActivate_ssp_isv.exe2010-02-27 11:50:11 332288 ----a-w- c:\windows\system32\msdrm.dll2010-02-27 11:50:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll2010-02-27 11:50:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll2010-02-18 22:51:23 499712 ----a-w- c:\windows\system32\kerberos.dll2010-02-09 21:43:50 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys2010-02-09 21:43:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll2010-02-09 21:43:41 31744 ----a-w- c:\windows\system32\msvidc32.dll2010-02-09 21:43:41 22528 ----a-w- c:\windows\system32\msyuv.dll2010-02-09 21:43:41 13312 ----a-w- c:\windows\system32\msrle32.dll2010-02-09 21:43:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll2010-02-09 21:43:40 91136 ----a-w- c:\windows\system32\avifil32.dll2010-02-09 21:43:40 82944 ----a-w- c:\windows\system32\mciavi32.dll2010-02-09 21:43:40 123904 ----a-w- c:\windows\system32\msvfw32.dll2010-01-28 18:04:58 -------- d-----w- c:\programdata\McAfee Security Scan2010-01-28 18:04:50 -------- d-----w- c:\program files\McAfee Security Scan2010-01-28 18:04:43 -------- d-----w- c:\users\esther\appdata\local\Adobe2010-01-02 21:05:37 -------- d-----w- c:\windows\system32\N360_BACKUP2010-01-01 15:16:08 -------- d-----w- c:\users\esther\appdata\local\Symantec2009-12-21 11:21:56 -------- d-----w- c:\program files\Windows Portable Devices2009-12-21 11:06:08 92672 ----a-w- c:\windows\system32\UIAnimation.dll2009-12-21 11:06:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll2009-12-21 11:06:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll2009-12-21 11:05:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll2009-12-21 11:05:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll2009-12-21 11:05:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll2009-12-21 11:05:23 252928 ----a-w- c:\windows\system32\dxdiag.exe2009-12-21 11:05:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll2009-12-21 11:05:23 189440 ----a-w- 
c:\windows\system32\WindowsCodecsExt.dll2009-12-21 11:05:22 519680 ----a-w- c:\windows\system32\d3d11.dll2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\vi-VN2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\eu-ES2009-12-18 20:42:00 -------- d-----w- c:\windows\system32\ca-ES2009-12-15 14:37:52 -------- d-----w- c:\windows\system32\EventProviders2009-12-14 01:11:06 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll2009-12-14 01:11:04 3408896 ----a-w- c:\windows\system32\SLsvc.exe2009-12-14 01:11:04 1081344 ----a-w- c:\windows\system32\SLCExt.dll2009-12-14 01:11:02 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe2009-12-14 01:11:02 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll2009-12-14 01:11:01 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll2009-12-14 01:11:00 1480704 ----a-w- c:\windows\system32\mssrch.dll2009-12-14 01:09:59 83456 ----a-w- c:\windows\system32\wlgpclnt.dll2009-12-10 11:05:47 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin2009-12-09 12:31:59 243712 ----a-w- c:\windows\system32\rastls.dll2009-12-07 11:13:13 -------- d-----w- C:\PerfLogs2009-12-04 02:26:37 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll2009-12-04 02:26:34 355832 ----a-w- c:\program files\internet explorer\pdm.dll2009-12-02 14:36:06 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll2009-12-02 14:34:59 90680 ----a-w- c:\program files\windows defender\MpOAV.dll2009-12-02 14:33:59 5261312 ----a-w- c:\program files\common files\microsoft shared\ink\mshwita.dll2009-12-02 14:32:59 8704 ----a-w- c:\windows\system32\msidle.dll2009-12-02 14:31:51 35328 ----a-w- c:\windows\system32\mspatcha.dll2009-12-02 14:31:51 305152 ----a-w- c:\windows\system32\msdelta.dll2009-12-02 14:31:51 258560 ----a-w- c:\windows\system32\dpx.dll2009-12-02 11:11:21 -------- d-----w- c:\programdata\Symantec2009-12-01 22:25:59 -------- d-----w- c:\programdata\Norton2009-12-01 
22:21:54 -------- d-----w- c:\programdata\NortonInstaller2009-11-28 16:56:21 61440 ----a-w- c:\windows\system32\winipsec.dll2009-11-28 16:56:21 272896 ----a-w- c:\windows\system32\polstore.dll2009-11-28 16:51:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE2009-11-28 16:51:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE2009-11-28 16:51:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE2009-11-28 16:51:24 19968 ----a-w- c:\windows\system32\ARP.EXE2009-11-28 16:51:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE2009-11-28 16:51:24 11264 ----a-w- c:\windows\system32\MRINFO.EXE2009-11-28 16:51:24 105984 ----a-w- c:\windows\system32\netiohlp.dll2009-11-28 16:51:24 10240 ----a-w- c:\windows\system32\finger.exe2009-11-28 16:47:45 68096 ----a-w- c:\windows\system32\wlanhlp.dll2009-11-28 16:47:45 65024 ----a-w- c:\windows\system32\wlanapi.dll2009-11-28 16:47:45 127488 ----a-w- c:\windows\system32\L2SecHC.dll2009-11-28 16:47:44 513536 ----a-w- c:\windows\system32\wlansvc.dll2009-11-28 16:47:44 302592 ----a-w- c:\windows\system32\wlansec.dll2009-11-28 16:47:44 293376 ----a-w- c:\windows\system32\wlanmsm.dll2009-11-28 16:47:42 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs2009-11-28 16:46:30 2048 ----a-w- c:\windows\system32\msxml6r.dll2009-11-28 16:46:30 2048 ----a-w- c:\windows\system32\msxml3r.dll2009-11-28 16:45:20 23552 ----a-w- c:\windows\system32\lpk.dll2009-11-28 16:45:20 10240 ----a-w- c:\windows\system32\dciman32.dll2009-11-28 16:44:12 218624 ----a-w- c:\windows\system32\msv1_0.dll2009-11-28 16:44:12 175104 ----a-w- c:\windows\system32\wdigest.dll2009-11-28 16:42:04 53248 ----a-w- c:\windows\system32\rrinstaller.exe2009-11-28 16:42:04 24576 ----a-w- c:\windows\system32\mfpmp.exe2009-11-28 16:42:04 2048 ----a-w- c:\windows\system32\mferror.dll2009-11-28 16:33:56 71680 ----a-w- c:\windows\system32\atl.dll2009-11-28 16:25:46 160256 ----a-w- c:\windows\system32\wkssvc.dll2009-11-28 16:24:49 53248 ----a-w- c:\windows\system32\tsgqec.dll2009-11-28 16:24:49 
136192 ----a-w- c:\windows\system32\aaclient.dll2009-11-28 16:21:16 714240 ----a-w- c:\windows\system32\timedate.cpl2009-11-28 16:12:18 65024 ----a-w- c:\windows\system32\avicap32.dll2009-11-28 16:02:35 6656 ----a-w- c:\windows\system32\kbd106n.dll2009-11-28 15:53:41 37888 ----a-w- c:\windows\system32\printcom.dll2009-11-28 15:52:20 14848 ----a-w- c:\windows\system32\wshrm.dll2009-11-28 15:51:31 43520 ----a-w- c:\windows\system32\msdxm.tlb2009-11-28 15:51:31 313344 ----a-w- c:\windows\system32\wmpdxm.dll2009-11-28 15:51:31 18432 ----a-w- c:\windows\system32\amcompat.tlb2009-11-28 15:08:23 84480 ----a-w- c:\windows\system32\INETRES.dll2009-11-28 15:08:01 60928 ----a-w- c:\windows\system32\msasn1.dll2009-11-28 15:06:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll2009-11-28 15:05:29 355328 ----a-w- c:\windows\system32\WSDApi.dll2009-11-28 15:04:07 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL2009-11-28 15:02:55 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe2009-11-28 15:02:54 310784 ----a-w- c:\windows\system32\unregmp2.exe2009-11-28 15:02:48 7680 ----a-w- c:\windows\system32\spwmp.dll2009-11-28 15:02:48 4096 ----a-w- c:\windows\system32\dxmasf.dll2009-11-28 15:02:48 107520 ----a-w- c:\program files\windows media player\wmpshare.exe2009-11-28 15:02:47 4096 ----a-w- c:\windows\system32\msdxm.ocx2009-11-28 15:02:47 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe2009-11-28 14:13:57 -------- d-----w- c:\users\esther\appdata\local\Google2009-11-28 14:12:56 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll2009-11-28 14:12:44 238872 ------w- c:\windows\system32\MpSigStub.exe2009-11-27 21:21:54 -------- d-----w- c:\windows\system32\Lang2009-11-27 21:13:58 -------- d-----w- c:\windows\system32\RTCOM2009-11-27 21:10:31 -------- d-----w- c:\programdata\Citrix2009-11-27 21:10:03 -------- d-----w- c:\program files\Citrix2009-11-27 21:09:40 -------- d-----w- 
c:\users\esther\appdata\local\Citrix2009-11-27 21:09:39 61224 ----a-w- c:\users\esther\GoToAssistDownloadHelper.exe2009-11-27 21:08:58 -------- d-----w- c:\users\esther\appdata\local\Deployment2009-11-27 21:08:58 -------- d-----w- c:\users\esther\appdata\local\Apps2009-11-27 21:08:29 400152 ----a-w- c:\windows\system32\igxpun.exe2009-11-27 21:08:29 -------- d-----w- c:\windows\system32\x642009-11-27 21:08:28 319456 ----a-w- c:\windows\system32\difxapi.dll2009-11-27 20:59:15 39288 ----a-w- c:\windows\system32\NicInE6.dll2009-11-27 20:59:15 28536 ----a-w- c:\windows\system32\NicCo6.dll2009-11-27 20:59:15 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys2009-11-27 20:59:15 179048 ----a-w- c:\windows\system32\e1000msg.dll2009-11-27 20:59:15 154496 ----a-w- c:\windows\system32\Prounstl.exe2009-11-27 20:55:07 -------- d-----w- c:\windows\system32\vmm322009-11-27 20:55:07 -------- d-----w- c:\program files\Dell2009-11-27 20:54:36 -------- d-sh--w- c:\windows\Installer2009-11-27 17:44:29 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL2009-11-27 17:36:26 -------- d-----w- c:\windows\Panther2009-11-27 17:35:41 -------- d-----w- c:\windows\system32\OEM2009-11-27 17:19:13 -------- d-----w- C:\Windows.old2009-08-18 15:34:24 602528 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL2009-08-18 15:32:12 403840 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll2009-08-18 15:30:38 97176 ----a-w- c:\program files\common files\microsoft shared\windows live\LogicalDevice.dll2009-08-18 15:30:38 807832 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll2009-08-18 15:30:38 564632 ----a-w- c:\programdata\microsoft\identitycrl\production\wlidui.dll2009-08-18 15:30:38 233352 ----a-w- c:\program files\common files\microsoft shared\windows live\HWDeviceLogin.dll2009-08-18 15:29:22 344448 ----a-w- c:\program files\common files\microsoft shared\windows 
live\SIGNINOPTIONS.EXE2009-08-18 15:29:22 183152 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE2009-08-18 15:29:22 1529728 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE2009-08-18 15:24:10 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll2009-08-18 15:24:10 134144 ----a-w- c:\program files\common files\microsoft shared\windows live\SQMAPI.DLL2009-07-21 04:05:40 1348432 ----a-w- c:\windows\system32\msxml4.dll2009-04-23 15:19:52 256768 ----a-w- c:\windows\system32\unicows.dll2008-03-25 21:21:46 -------- d-----w- C:\Intel2008-03-20 02:36:52 -------- d-----w- C:\doctemp2008-03-20 02:34:49 -------- d-----w- C:\Drivers2008-03-20 02:34:49 -------- d-----w- C:\DELL2008-02-12 03:55:18 147456 ----a-w- c:\windows\system32\igfxCoIn_v1437.dll2008-02-12 03:34:48 29932 ----a-w- c:\windows\system32\igmedcompkrn.bin2008-02-12 03:34:48 2215364 ----a-w- c:\windows\system32\igklg400.bin2008-02-12 03:34:48 1971732 ----a-w- c:\windows\system32\igklg450.bin2007-04-19 19:15:58 172032 ----a-w- c:\windows\system32\Ncs2Setp.dll2007-04-18 00:44:32 564112 ----a-w- c:\windows\system32\ncs2dmix.dll2007-04-18 00:44:18 449416 ----a-w- c:\windows\system32\accesor.dll2007-04-13 22:17:52 1043304 ----a-w- c:\windows\system32\ncscolib.dll2007-04-12 01:00:46 99728 ----a-w- c:\windows\system32\drivers\iANSW60.sys2007-03-28 00:38:52 146288 ----a-w- c:\windows\system32\ncs2instutility.dll2007-03-14 17:47:20 228200 ----a-w- c:\windows\system32\PRONtObj.dll2007-03-10 01:04:42 31072 ----a-w- c:\windows\system32\drivers\iqvw32.sys2007-02-21 19:49:52 -------- d-----w- c:\windows\Users2007-01-06 17:43:53 -------- d-----w- c:\program files\Microsoft Security Client2007-01-06 17:40:52 -------- d-----w- C:\cd58917cc79bda3113aaa00c1aea2007-01-06 17:31:35 -------- d-----w- c:\program files\CCleaner.==================== Find3M ====================.2013-04-04 22:11:34 1800704 ----a-w- 
c:\windows\system32\jscript9.dll2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll2012-07-26 03:26:03 2560 ----a-w- c:\windows\system32\drivers\en-us\wdf01000.sys.mui2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll2009-12-07 06:39:30 101888 ----a-w- c:\windows\system32\ifxcardm.dll2009-12-07 06:39:29 82432 ----a-w- c:\windows\system32\axaltocm.dll2009-11-28 
15:09:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll2009-11-27 21:12:29 319456 ----a-w- c:\windows\DIFxAPI.dll2009-11-27 21:12:07 315392 ----a-w- c:\windows\HideWin.exe2009-11-03 21:46:54 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui2009-10-09 21:56:27 41472 ----a-w- c:\windows\system32\pwrshplugin.dll2009-10-09 21:56:18 1181696 ----a-w- c:\windows\system32\WsmSvc.dll2009-10-09 21:56:17 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll2009-10-09 21:56:04 241152 ----a-w- c:\windows\system32\winrscmd.dll2009-10-09 21:56:03 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe2009-10-09 21:56:01 145408 ----a-w- c:\windows\system32\WsmAuto.dll2009-10-09 21:55:59 79872 ----a-w- c:\windows\system32\wecutil.exe2009-10-09 21:55:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll2009-10-09 21:55:53 54272 ----a-w- c:\windows\system32\WsmRes.dll2009-10-09 21:55:52 146944 ----a-w- c:\windows\system32\wecsvc.dll2009-10-09 21:55:50 81408 ----a-w- c:\windows\system32\wevtfwd.dll2009-10-09 21:55:50 56320 ----a-w- c:\windows\system32\wecapi.dll2009-10-08 23:12:09 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui2009-10-01 01:08:10 3072 ----a-w- c:\windows\system32\drivers\umdf\en-us\wpdmtpdr.dll.mui2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll2009-08-01 06:27:37 201184 ----a-w- c:\windows\system32\winrm.vbs2009-04-11 06:33:19 986600 ----a-w- c:\windows\system32\winload.exe2009-04-11 06:33:19 926184 ----a-w- c:\windows\system32\winresume.exe2009-04-11 06:33:03 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys2009-04-11 06:33:02 614376 ----a-w- c:\windows\system32\ci.dll2009-04-11 06:28:28 56320 ----a-w- 
c:\windows\system32\xmlfilter.dll2009-04-11 06:27:59 627200 ----a-w- c:\windows\system32\sethc.exe2009-04-11 06:24:00 4096 ----a-w- c:\windows\system32\drivers\en-us\hdaudbus.sys.mui2009-04-11 06:23:02 89088 ----a-w- c:\windows\system32\pintlgnt.ime2009-04-11 06:23:02 125952 ----a-w- c:\windows\system32\tintlgnt.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\quick.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\qintlgnt.ime2009-04-11 06:23:02 124928 ----a-w- c:\windows\system32\phon.ime2009-04-11 06:22:59 413696 ----a-w- c:\windows\system32\imkr80.ime2009-04-11 06:22:57 883712 ----a-w- c:\windows\system32\IMJP10.IME2009-04-11 06:22:57 124928 ----a-w- c:\windows\system32\cintlgnt.ime2009-04-11 06:22:53 124928 ----a-w- c:\windows\system32\chajei.ime2009-04-11 06:22:48 8192 ----a-w- c:\windows\system32\drivers\en-us\bthport.sys.mui2009-04-11 06:22:22 7168 ----a-w- c:\windows\system32\f3ahvoas.dll2009-04-11 05:42:55 93696 ----a-w- c:\windows\system32\drivers\bridge.sys2009-04-11 04:46:40 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys2009-04-11 04:46:32 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys2009-04-11 04:46:30 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys2009-04-11 04:46:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys2009-04-11 04:45:56 72192 ----a-w- c:\windows\system32\drivers\tdx.sys2009-04-11 04:45:51 72192 ----a-w- c:\windows\system32\drivers\pacer.sys2009-04-11 04:45:37 185856 ----a-w- c:\windows\system32\drivers\netbt.sys2009-04-11 04:45:24 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys2009-04-11 04:45:22 66560 ----a-w- c:\windows\system32\drivers\smb.sys2009-04-11 04:43:28 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys2009-04-11 04:43:16 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys2009-04-11 04:42:57 226304 ----a-w- c:\windows\system32\drivers\usbport.sys2009-04-11 04:42:56 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys2009-04-11 04:42:56 25856 ----a-w- 
============= FINISH: 12:49:59.63 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/27/2009 12:46:33 PM
System Uptime: 1/6/2007 12:24:59 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 194.859 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.884 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GSA-H73N ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GSA-H73N_______________B103____\5&384A886&0&1.0.0
Service: cdrom
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
AVG 2012
Bing Bar
Bing Rewards Client Installer
CCleaner
Comcast Access
Comcast High-Speed Internet Install Wizard
CouponXplorer Toolbar
Dell Resource CD
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hardware Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Java Auto Updater
Java 6 Update 20
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Media Player
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Web Search
MyPC Backup
OLYMPUS Master 2
PCHealthBoost 2.3.0
Produtools Manuals 2.1 B2 Toolbar
QuickTime
RadioPI
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody MP3 Download Manager
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Supple -- Episode 1 (remove only)
TelevisionFanatic Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live ID Sign-in Assistant
Yahoo! Toolbar
.
==== End Of File ===========================
  15. Everything seems to be running well again. Thanks for all your help and for re-opening the topic.
  16. Gringo, adobe reader xi is unavailable for Vista. I updated to the latest version of X. Here are the logs:
  17. Okay Gringo, I'm back up and running. There is an issue with these Toshiba laptops where the video processor becomes unsoldered from the main board. After a "rebake" the chip is now secured to the board once again and I have video. Thanks for staying with me on this. Here is the log:
  18. Gringo, I can't see anything on the screen. I believe the video output has failed since connecting to an external monitor doesn't reveal any results either.
  19. Gringo, during the process of the last script, the computer shut down and now it doesn't boot. It just has a black screen when I turn it on.
  20. Here is the combofix log.
2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-26 21:47 . 2013-04-26 21:47 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr 2013-04-10 06:58 . 2013-04-26 23:59 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL85A67CEB . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-01 23:06 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-01 23:04] . 2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-01 23:04] . . ------- Supplementary Scan ------- . 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 74.5.116.246 205.244.194.36 FF - ProfilePath - c:\users\eva\AppData\Roaming\Mozilla\Firefox\Profiles\ekn2o7n6.default\ FF - ExtSQL: 2013-04-28 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . BHO-{4DB74D06-491C-440D-305E-012400990F3E} - (no file) SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-05-04 20:39 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2013-05-04 20:41:17 ComboFix-quarantined-files.txt 2013-05-05 00:41 . Pre-Run: 218,135,400,448 bytes free Post-Run: 218,113,921,024 bytes free . - - End Of File - - 403491330B8BF8A1F11A95689BCC86BF
  21. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
      Started in : Normal mode
      User : eva [Admin rights]
      Mode : Remove -- Date : 05/01/2013 21:04:23
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 5 ¤¤¤
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
      [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
      [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [LOADED] ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST320LM001 HN-M320MBB ATA Device +++++
      --- User ---
      [MBR] 102c632399d3e6f785deeb4d39a99bd5
      [bSP] 7184a5a0bfc9ad3c7c46a3f470675c0b : Windows Vista MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[2]_D_05012013_02d2104.txt >>
      RKreport[1]_S_05012013_02d2026.txt ; RKreport[2]_D_05012013_02d2104.txt