JoeBob

  1. Updated Java - directly from Oracle. I dislike the nag updater; in fact a Java spoof was one of the first MBAM quarantines. Updated Adobe Reader. Same nag issue. Drive C: is a solid state drive. Did not defrag.
  2. Results of screen317's Security Check version 0.99.51
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     GFI Software VIPRE Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.0.1400
     Java 6 Update 31
     Java version out of Date!
     Adobe Reader X 10.1.3
     Adobe Reader out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     FireTrust MailWasher MailWasherPro.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  3. Whatever the most recent action was, I think you got it! I've been noticing iLivid pop-ups present all morning, even on the sites you sent me to download tools. But now I seem to be free of the sometimes lewd solicitations and prompts for player downloads. I'll give the thread an update this afternoon. Many thanks!
     MBAM:
     Malwarebytes Anti-Malware (PRO) 1.65.0.1400
     www.malwarebytes.org
     Database version: v2012.10.10.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Joe :: MAG7 [administrator]
     Protection: Enabled
     10/10/2012 11:57:24 AM
     mbam-log-2012-10-10 (11-57-24).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 245790
     Time elapsed: 48 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  4. ComboFix 12-10-10.02 - Joe 10/10/2012 11:24:18.1.8 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4879 [GMT -4:00]
     Running from: c:\users\Joe\Desktop\ComboFix.exe
     AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
     SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\program files (x86)\Setup.exe
     c:\users\Joe\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
     c:\users\Joe\z45174Lf.exe
     R:\install.exe
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKCU-Run-AdobeBridge - (no file)
     Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Backup Assistant Plus\Backup Assistant Plus Service.exe
     Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
     SafeBoot-42150152.sys
     HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
     HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe
     AddRemove-ThumbsPlus - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe
     AddRemove-{AD1FE8DD-0A6A-46E7-9B5F-8A70DD75CA93} - c:\users\Joe\AppData\Local\{B39A860D-D810-4AC5-AE96-C8A6F044859E}\ThumbsPlus8sp1setup-3535.exe
     .
     Completion time: 2012-10-10 11:27:22
     ComboFix-quarantined-files.txt 2012-10-10 15:27
     .
     Pre-Run: 167,099,609,088 bytes free
     Post-Run: 166,482,354,176 bytes free
     .
     - - End Of File - -
  5. # AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:09:28
     # Updated 06/10/2012 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Joe - MAG7
     # Boot Mode : Normal
     # Running from : C:\Users\Joe\Downloads\adwcleaner.exe
     # Option [Delete]
     ***** [Services] *****
     ***** [Files / Folders] *****
     Folder Deleted : C:\ProgramData\Ask
     ***** [Registry] *****
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Key Deleted : HKLM\Software\Freeze.com
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16421
     [OK] Registry is clean.
     -\\ Google Chrome v22.0.1229.92
     File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[R1].txt - [1453 octets] - [10/10/2012 11:02:11]
     AdwCleaner[R2].txt - [1513 octets] - [10/10/2012 11:08:53]
     AdwCleaner[S1].txt - [1307 octets] - [10/10/2012 11:09:28]
     ########## EOF - C:\AdwCleaner[S1].txt - [1367 octets] ##########
  6. # AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:02:11
     # Updated 06/10/2012 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Joe - MAG7
     # Boot Mode : Normal
     # Running from : C:\Users\Joe\Downloads\adwcleaner.exe
     # Option [Search]
     ***** [Services] *****
     ***** [Files / Folders] *****
     Folder Found : C:\ProgramData\Ask
     ***** [Registry] *****
     Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Key Found : HKLM\Software\Freeze.com
     Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Key Found : HKU\S-1-5-21-3430556371-3959146057-3840519633-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
     Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16421
     [OK] Registry is clean.
     -\\ Google Chrome v22.0.1229.92
     File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[R1].txt - [1328 octets] - [10/10/2012 11:02:11]
     ########## EOF - C:\AdwCleaner[R1].txt - [1388 octets] ##########
  7. TFC ran fine. AdwCleaner was blocked by SmartScreen Filter (IE9). Want me to try Chrome?
  8. TDSSKiller.2.8.10.0_10.10.2012_10.04.36_log.txt
  9. BTW: Did the MS FixIt.
     Kaspersky 1:
     10:01:56.0217 4464 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
     10:01:56.0545 4464 ============================================================
     10:01:56.0545 4464 Current date / time: 2012/10/10 10:01:56.0545
     10:01:56.0545 4464 SystemInfo:
     10:01:56.0545 4464
     10:01:56.0545 4464 OS Version: 6.1.7601 ServicePack: 1.0
     10:01:56.0545 4464 Product type: Workstation
     10:01:56.0545 4464 ComputerName: MAG7
     10:01:56.0545 4464 UserName: Joe
     10:01:56.0545 4464 Windows directory: C:\Windows
     10:01:56.0545 4464 System windows directory: C:\Windows
     10:01:56.0545 4464 Running under WOW64
     10:01:56.0545 4464 Processor architecture: Intel x64
     10:01:56.0545 4464 Number of processors: 8
     10:01:56.0545 4464 Page size: 0x1000
     10:01:56.0545 4464 Boot type: Normal boot
     10:01:56.0545 4464 ============================================================
     10:01:56.0748 4464 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:01:56.0748 4464 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1700000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     10:01:56.0763 4464 ============================================================
     10:01:56.0763 4464 \Device\Harddisk0\DR0:
     10:01:56.0763 4464 MBR partitions:
     10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
     10:01:56.0763 4464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000
     10:01:56.0763 4464 \Device\Harddisk1\DR1:
     10:01:56.0763 4464 MBR partitions:
     10:01:56.0763 4464 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E0A000
     10:01:56.0763 4464 ============================================================
     10:01:56.0763 4464 C: <-> \Device\Harddisk0\DR0\Partition2
     10:01:56.0779 4464 R: <-> \Device\Harddisk1\DR1\Partition1
     10:01:56.0779 4464 ============================================================
     10:01:56.0779 4464 Initialize success
     10:01:56.0779 4464 ============================================================
     10:02:33.0143 4672 Deinitialize success
     Kaspersky 2 "Post Too Long Error": Trying to figure out how to attach.
  10. First Action: ListParts by Farbar Version: 02-10-2012
      Ran by Joe (administrator) on 10-10-2012 at 09:57:18
      Windows 7 (X64)
      Running From: C:\Users\Joe\Desktop
      Language: 0409
      ************************************************************
      ========================= Memory info ======================
      Percentage of memory in use: 23%
      Total physical RAM: 6142.4 MB
      Available physical RAM: 4703.95 MB
      Total Pagefile: 12282.99 MB
      Available Pagefile: 10669.33 MB
      Total Virtual: 8192 MB
      Available Virtual: 8191.9 MB
      ======================= Partitions =========================
      1 Drive c: (SSD-BOOT) (Fixed) (Total:223.47 GB) (Free:151.93 GB) NTFS
      8 Drive r: (RAID-5) (Fixed) (Total:1863.02 GB) (Free:1076.15 GB) NTFS
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          223 GB      0 B
      Disk 1    Online         1863 GB  1024 KB
      Disk 2    No Media           0 B      0 B
      Disk 3    No Media           0 B      0 B
      Disk 4    No Media           0 B      0 B
      Disk 5    No Media           0 B      0 B
      Partitions of Disk 0:
      ===============
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            100 MB  1024 KB
      Partition 2    Primary            223 GB   101 MB
      ======================================================================================================
      Disk: 0
      Partition 1
      Type  : 07
      Hidden: No
      Active: Yes
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 2       System Rese  NTFS   Partition    100 MB  Healthy    System
      (partition with boot components)
      ======================================================================================================
      Disk: 0
      Partition 2
      Type  : 07
      Hidden: No
      Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 3   C   SSD-BOOT     NTFS   Partition    223 GB  Healthy    Boot
      ======================================================================================================
      Partitions of Disk 1:
      ===============
      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary           1863 GB  1024 KB
      ======================================================================================================
      Disk: 1
      Partition 1
      Type  : 07
      Hidden: No
      Active: No
      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
      * Volume 4   R   RAID-5       NTFS   Partition   1863 GB  Healthy
      ======================================================================================================
      ****** End Of Log ******
  11. Profile cruising - Nice Labs! Mine:
  12. Sorry, I must not have run as administrator last night. Last night's report was from inside a folder that RK put on the desktop, "RK_Quarantine". This .txt file came up when I repeated the scan this morning:
      RogueKiller V8.1.1 [10/03/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Joe [Admin rights]
      Mode : Scan -- Date : 10/09/2012 22:59:37
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 5 ¤¤¤
      [TASK][SUSP PATH] {A7095D19-6EC3-46EC-A4EF-008202A475A7} : C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe" -d C:\Users\Joe\Desktop -> FOUND
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\Joe\Desktop\dds.scr) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost
      ::1 localhost
      198.15.104.132 www.google-analytics.com.
      198.15.104.132 ad-emea.doubleclick.net.
      198.15.104.132 www.statcounter.com.
      72.29.93.243 www.google-analytics.com.
      72.29.93.243 ad-emea.doubleclick.net.
      72.29.93.243 www.statcounter.com.
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: OCZ-AGILITY2 3.5 +++++
      --- User ---
      [MBR] 0d5b3bf30d937369b9712cc9508de717
      [BSP] 8c133aa30c978a900275124ec97c7230 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      +++++ PhysicalDrive1: RAID-5 +++++
      --- User ---
      [MBR] 493f892f4c1cbe9d12577fc8c4927ed7
      [BSP] 7cac6029736adb5bfc00f36f3bd3ed37 : Windows 7 MBR Code
      Partition table:
      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907732 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
  13. MiniToolBox by Farbar Version: 23-07-2012
      Ran by Joe (administrator) on 09-10-2012 at 22:56:41
      Microsoft Windows 7 Professional Service Pack 1 (X64)
      Boot Mode: Normal
      ***************************************************************************
      =========================== Installed Programs ============================
      **** End of log ****
      QuarantineReport.txt from RogueKiller:
      Time : 09/10/2012 22:59:37
      --------------------------
      ERROR [pcalua.exe.vir] -> C:\Windows\system32\pcalua.exe
      ERROR [setup[1].exe.vir] -> C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WM3RMKC\Setup[1].exe
      [dds.scr.vir] -> C:\Users\Joe\Desktop\dds.scr
      See you AM as well. Thanks again, Joe
  14. Found Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2010 9:14:20 AM
System Uptime: 10/9/2012 9:42:02 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel® Core i7 CPU 960 @ 3.20GHz | Socket 1366 | 3238/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 152.314 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
R: is FIXED (NTFS) - 1863 GiB total, 1076.15 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP161: 8/16/2012 1:32:38 AM - Windows Update
RP162: 8/23/2012 7:58:51 AM - Scheduled Checkpoint
RP163: 8/30/2012 10:24:37 AM - Scheduled Checkpoint
RP164: 9/7/2012 12:24:47 PM - Scheduled Checkpoint
RP165: 9/12/2012 12:45:09 AM - Windows Update
RP166: 9/19/2012 7:30:40 PM - Scheduled Checkpoint
RP167: 9/24/2012 3:00:10 AM - Windows Update
RP168: 9/26/2012 6:01:22 PM - Windows Update
RP169: 10/4/2012 3:45:12 PM - Scheduled Checkpoint
RP170: 10/9/2012 3:55:20 PM - Windows Modules Installer
.
==== Hosts File Hijack ======================
.
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 www.statcounter.com.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
.
==== Installed Programs ======================
.
@BIOS
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
Easy Tune 6 B10.0728.1
EpsonNet Print
FastPrint 1.70 Build 090115
FileZilla Client 3.5.3
Google Chrome
Google SketchUp 8
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 31
MailWasherPro
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Office Access database engine 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Store Download Manager
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Missing Sync for Android
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
NEF Codec
NeoComposite3
NeoPackProfessional3
Notepad++ version 6.1.2
OpenOffice.org 3.3
PDF Settings CS5
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
ThumbsPlus
Timestone License Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIPRE Antivirus
Zenfolio Uploader
.
==== Event Viewer Messages From Past Week ========
.
10/9/2012 9:43:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/9/2012 6:08:09 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================

Working on your reply - thanks for being so quick! Joe
  15. I'm pretty sure that I got this from a Boy Scout forum. No good deed, etc. Malwarebytes Pro scanned and found two false Java updates and removed them, but the main pop-up continues to appear in the lower right corner with a variety of offers. Ran DDS. Attach.txt did not appear.

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Joe at 22:22:32 on 2012-10-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6142.4389 [GMT -4:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\FireTrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://drudgereport.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\Backup Assistant Plus Service.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MISSIN~1.LNK - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: paypal.com\www
DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} - hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C1F0840F-0CDC-4EAF-8DBA-F1C6F5D5D5B5} : DhcpNameServer = 192.168.0.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 www.statcounter.com.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 aksdf;aksdf;\??\C:\Windows\system32\drivers\aksdf.sys --> C:\Windows\system32\drivers\aksdf.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-2 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-9 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-9 676936]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-5-2 3289680]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-5-2 173920]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-10-2 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-2 30528]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-25 2214504]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-10-09 22:25:44 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes
2012-10-09 22:25:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-09 22:25:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-09 22:25:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 11:10:47 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-11 18:47:42 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 18:47:42 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 18:47:33 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 18:47:33 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 18:47:24 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 18:47:24 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 18:47:24 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-09 02:43:35 25640 ----a-w- C:\Windows\gdrv.sys
2012-10-09 01:35:46 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-10-08 18:30:18 25640 ----a-w- C:\Windows\etdrv.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files (x86)\openofficeorg33.msi
2011-01-18 08:52:10 475016 ----a-w- C:\Program Files (x86)\setup.exe
.
============= FINISH: 22:22:45.76 ===============

Many thanks in advance! Joe
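Editor's added example, not code posted in this thread and not part of DDS, RogueKiller or any other tool named above: a small Python audit of a Windows hosts file for the two things DDS reported in the logs, third-party domains pointed at public addresses under "Hosts File Hijack" and the "multiple HOSTS entries found" note. The sample hosts content is constructed here from the entries visible in the log plus a couple of benign lines added for contrast; the two target addresses are quoted from the log, and nothing is claimed about what is hosted at them. On a live machine you would pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts() instead of the sample.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not the poster's actual file): the six entries DDS
# listed under "Hosts File Hijack", rewritten in hosts-file syntax, plus
# the default localhost lines and one typical ad-blocking sinkhole entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid      # constructed: a normal blocking entry
198.15.104.132  www.google-analytics.com
198.15.104.132  ad-emea.doubleclick.net
198.15.104.132  www.statcounter.com
72.29.93.243    www.google-analytics.com
72.29.93.243    ad-emea.doubleclick.net
72.29.93.243    www.statcounter.com
"""


def parse_hosts(text):
    """Return a list of (ip_string, hostname) pairs from hosts-file text.

    Comments and blank lines are skipped; a line may map one address to
    several names, which is expanded into one pair per name. A trailing
    dot on a name (as DDS prints them) is stripped and names are lowered
    so the same host is counted once however it was typed.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address; not a resolvable entry either
        for name in fields[1:]:
            pairs.append((fields[0], name.rstrip(".").lower()))
    return pairs


def classify(ip_string):
    """Label an address by what a hosts entry pointing at it means.

    sinkhole: 127.0.0.1, ::1 or 0.0.0.0, the normal way to block a name.
    local:    a private or link-local address, usually a deliberate LAN
              override rather than malware.
    public:   a routable address, so traffic for that name is being
              silently redirected to someone else's server.
    """
    ip = ipaddress.ip_address(ip_string)
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    if ip.is_private or ip.is_link_local:
        return "local"
    return "public"


def audit_hosts(text):
    """Return findings as (kind, hostname, address) tuples.

    REDIRECT: a name mapped to a public address (one per such line).
    MULTIPLE: a name mapped to more than one distinct public address,
              which is what DDS's "multiple HOSTS entries" note means.
    """
    findings = []
    public_targets = defaultdict(set)
    for ip_string, name in parse_hosts(text):
        if classify(ip_string) == "public":
            findings.append(("REDIRECT", name, ip_string))
            public_targets[name].add(ip_string)
    for name, targets in sorted(public_targets.items()):
        if len(targets) > 1:
            findings.append(("MULTIPLE", name, ",".join(sorted(targets))))
    return findings


if __name__ == "__main__":
    for kind, name, address in audit_hosts(SAMPLE_HOSTS):
        print(f"{kind:9} {name:28} {address}")
```

The check is deliberately narrow: it flags redirection to public addresses and duplicate public targets, both of which are visible in the DDS output above, and it treats loopback and 0.0.0.0 entries as benign blocking. It does not say what an attacker gains from the redirect; for that you would need to look at what answers at the target address, which is outside what the log shows.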