wrund
Posts posted by wrund
-
Okay, I was able to run the test. Two logs attached.
-
Got it unzipped. It cannot run because it says the QtGui4.dll is missing.
-
Apparently I have no way to unzip the file.
-
RogueKiller just stalls after 3 minutes; after an hour, no progress.
-
And here is the Rkiller-
Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 07/28/2013 10:25:39 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Warren\AppData\Local\Temp\C12A8FE3-8104-41A7-ADAA-BB93833B9FB1\dismhost.exe (PID: 3956) [T-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\ [ZA Dir]
* C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\L\ [ZA Dir]
* C:\Users\Warren\AppData\Local\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\U\ [ZA Dir]
* C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\ [ZA Dir]
* C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\L\ [ZA Dir]
* C:\windows\Installer\{65f022bc-5c13-990d-42ef-21e1b2e0b37c}\U\ [ZA Dir]
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 07/28/2013 10:26:24 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
-
Here is a DDS log on the desktop-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Warren at 10:29:43 on 2013-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2318 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Becrypt\Media Viewer\DPRMAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Warren\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Fipsco Life Portraits\AHL\B2BMC-Starter.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Fipsco Life Portraits\AHL\AHLWebServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - <orphaned>
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [{55916796-294E-475F-8D08-53FE0E4707C7}] rundll32 "C:\Users\Warren\AppData\Local\{CCF16F53-5965-4C0D-8295-F2E197D86EFE}\{55916796-294E-475F-8D08-53FE0E4707C7}\egli.dll",DllRegisterServer
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [b2BMC_STARTER] "C:\Fipsco Life Portraits\AHL\B2BMC-Starter.exe" CLT=AHL
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Warren\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Warren\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5D82369B-D6DB-45AC-9F19-FCBBB2BA6644} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5D82369B-D6DB-45AC-9F19-FCBBB2BA6644}\2375942554432353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5D82369B-D6DB-45AC-9F19-FCBBB2BA6644}\354716765634F616368623 : DHCPNameServer = 69.239.80.99 69.239.80.99
TCP: Interfaces\{5D82369B-D6DB-45AC-9F19-FCBBB2BA6644}\3557E634F6163747D225F6F6D637D234F687 : DHCPNameServer = 68.105.28.12 68.105.29.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 bcfilter;BC Filter Driver;C:\windows\System32\drivers\bcflt64.sys [2010-2-23 18488]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R0 w2kenc;BC Encryption Filter Driver;C:\windows\System32\drivers\bcenc64.sys [2010-2-23 258104]
R2 DPRMAgent;DPRMAgent;C:\Program Files\Becrypt\Media Viewer\DPRMAgent.exe [2010-7-9 1353728]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-7-28 109352]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-4 682344]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-3-25 230408]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-3-25 204304]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-29 70152]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-21 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-4 24176]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-5-21 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-5-21 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-21 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;C:\windows\System32\drivers\PTUMWBus.sys [2011-7-27 70928]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;C:\windows\System32\drivers\PTUMWCDF.sys [2011-7-27 24976]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;C:\windows\System32\drivers\PTUMWCSP.sys [2011-7-27 173328]
S3 PTUMWFLT;PTUMWNET Filter Driver;C:\windows\System32\drivers\PTUMWFLT.sys [2011-7-27 12688]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;C:\windows\System32\drivers\PTUMWMdm.sys [2011-7-27 173328]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;C:\windows\System32\drivers\PTUMWNET.sys [2011-7-27 143888]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;C:\windows\System32\drivers\PTUMWNSP.sys [2011-7-27 173328]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;C:\windows\System32\drivers\PTUMWVsp.sys [2011-7-27 173328]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-5-21 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-5-21 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-29 06:03:07 -------- d-----w- C:\Users\Warren\AppData\Local\{6BF2D83E-4FE4-4790-9063-93A133677DC7}
2013-07-29 05:53:29 -------- d-----w- C:\Program Files\HitmanPro
2013-07-29 05:51:38 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-29 00:42:43 -------- d-----w- C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-27 20:49:59 -------- d-----w- C:\Users\Warren\AppData\Local\Smsi-VZam
2013-07-26 17:14:54 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9150298F-C980-47C6-9E55-EE391D9602E7}\mpengine.dll
2013-07-18 16:15:56 -------- d-----w- C:\Users\Warren\AppData\Local\Citrix
2013-07-17 17:31:28 -------- d-----w- C:\Users\Warren\AppData\Local\{11BC6EBE-C8D2-4685-A7A6-75A9CF0AA6F4}
2013-07-15 22:53:48 -------- d-----w- C:\Users\Warren\AppData\Local\{67BBF980-BE09-4463-9CF5-57AF16EA4CCB}
2013-07-13 14:30:45 -------- d-----w- C:\windows\System32\MRT
2013-07-12 22:34:18 -------- d-----r- C:\Users\Warren\Dropbox
2013-07-12 22:32:41 -------- d-----w- C:\Users\Warren\AppData\Roaming\Dropbox
2013-07-11 01:43:26 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 01:43:26 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 01:43:26 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 01:43:26 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 01:43:26 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 01:43:26 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 01:43:26 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 01:43:24 624128 ----a-w- C:\windows\System32\qedit.dll
2013-07-11 01:43:24 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-07-11 01:43:23 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-11 01:43:23 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 01:31:10 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-11 01:31:08 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 01:31:08 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 01:31:08 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 01:31:08 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:31:07 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:22:40 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-11 01:22:40 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
.
==================== Find3M ====================
.
2013-06-12 03:38:42 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:38:42 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-02 09:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2004-08-04 08:56:44 561179 ----a-w- C:\Program Files (x86)\Common Files\dao360.dll
2004-06-17 17:07:32 570128 ----a-w- C:\Program Files (x86)\Common Files\DAO350.DLL
.
============= FINISH: 10:30:08.77 ===============
-
Hopefully I posted the above correctly.
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2011 4:46:01 PM
System Uptime: 7/29/2013 7:52:09 AM (3 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 405.738 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP247: 7/28/2013 5:42:27 PM - Removed SpyHunter
.
==== Installed Programs ======================
.
4500_G510gm_Help_Web
4500G510gm_Software_Min
4500G510gm_web
64 Bit HP CIO Components Installer
7-Zip 9.22beta
7Zip
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
AllApp
AllApp - LPES
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Becrypt Media Viewer
Best Buy pc app
Bonjour
BufferChm
Cisco EAP-FAST Module
-
Starting a few days ago, Internet Explorer does the redirect whenever clicking on a link. Plus, now I get a window popping up all the time saying Malwarebytes is blocking an outgoing address.
As always, any help is much appreciated.
-
The 14th time was it; it finally posted the log-
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/13/2011 4:46:01 PM
System Uptime: 12/3/2012 1:21:04 PM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 402.857 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP161: 10/10/2012 11:49:52 AM - Scheduled Checkpoint
RP162: 10/18/2012 8:46:20 AM - Scheduled Checkpoint
RP163: 10/29/2012 12:33:03 PM - Scheduled Checkpoint
RP164: 11/10/2012 8:21:30 AM - Scheduled Checkpoint
RP165: 11/17/2012 10:53:30 PM - Scheduled Checkpoint
RP166: 11/29/2012 9:30:16 PM - Installed TOSHIBA Service Station
RP167: 12/2/2012 12:06:27 AM - Installed SpyHunter
RP168: 12/2/2012 12:40:13 AM - Removed SpyHunter
RP169: 12/2/2012 12:40:56 AM - Removed SpyHunter
RP170: 12/2/2012 12:53:19 AM - Removed SpyHunter
RP171: 12/2/2012 8:35:31 PM - Removed VZAccess Manager.
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
7Zip
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
AllApp
AllApp - LPES
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Becrypt Media Viewer
Best Buy pc app
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 20
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.65.1.1000
MediaBar
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro Reader 2
PANTECH USB Modem V2
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Verizon Wireless UM190 Firmware Updates
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
12/3/2012 1:20:40 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
12/3/2012 1:20:40 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
12/3/2012 1:20:40 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
11/29/2012 5:37:13 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/29/2012 5:37:08 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
.
==== End Of File ===========================
-
When I went to check the version of Malwarebytes Anti-Malware PRO version I have, the fake FBI page came up. I thought that's why I bought this program, so I wouldn't get all these viruses?
-
This computer has Windows 7 on it.
-
I think this computer has Vista on it. When I double click DDS, it runs and says it will create a log, but I don't know where the log is, if any. It's not on the desktop.
-
Also, I didn't mention that I have the PRO version, and still got infected, nor will the program find the problems.
-
I tried the initial steps listed on your website- downloaded DDS.com, it's on my desktop. But there is no option to "run it as the Administrator", and it didn't save any logs to my desktop.
I also don't find options to be able to "track this topic" with instant email notification.
IE redirect, and outgoing blocked addresses
in Resolved Malware Removal Logs
Nothing was found, seems like it's running fine. I'll be back on it later today. Really appreciate all the help.