ldmtulsa

Honorary Members
  • Posts

    35
Everything posted by ldmtulsa

  1. The 3 files you asked about are script files for a program called Automate that I have been using for years. Scanned each file, but I'm getting this error trying to post the screen prints from virustotal.com: "An error occurred. You are not allowed to use that image extension on this community."
  2. OK - I have run ComboFix. Several things happened that were not in the instructions. 1st - on 3 occasions I got the following error: "Exception EAcess Violation in module Erunt.3xe." 2nd - a restore point was not created. 3rd - the Microsoft Recovery Console process did not happen. Maybe that means it was already installed. Are any of these a problem? ComboFix 13-01-12.01 - Owner 01/12/2013 15:37:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.2062 [GMT -6:00]
  3. OK, but my external HD died this morning. I'm going to go buy another one and then do a system image before I proceed.
  4. "Note: Please do not run this tool without special supervision and instructions of someone authorized to do so." This seems a little scary. Who is the person who is authorized to provide the special supervision?
  5. Am I supposed to be doing anything? I thought I was waiting for you to recommend something to me?
  6. Yesterday only one instance. The 3 days prior, 3 to 4 per day.
  7. I cut and pasted all of the log files this morning. They are above your last post.
  8. Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Scan finished ======================================= Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.09.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Owner :: OWNER-PC [administrator] 1/9/2013 8:32:03 AM mbar-log-2013-01-09 (08-32-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 43550 Time elapsed: 6 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows 7 Home Premium x64 Ran by Owner on Wed 01/09/2013 at 8:39:14.97 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup Successfully deleted: [Registry Key] hkey_current_user\software\softonic ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\installmate" ~~~ FireFox Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\user.js Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\prefs.js user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); user_pref("browser.search.order.1", "Search the web (Babylon)"); 
user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110141"); user_pref("extensions.BabylonToolbar_i.hardId", "aca8a8d8000000000000001c239a71a6"); user_pref("extensions.BabylonToolbar_i.id", "aca8a8d8000000000000001c239a71a6"); user_pref("extensions.BabylonToolbar_i.instlDay", "15389"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?AF=110141&babsrc=NT_ss&mntrId=aca8a8d8000000000000001c239a71a6"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:02:16"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.personas.lastselected3", "{\"id\":\"17926\",\"name\":\"Live With Music\",\"accentcolor\":\"#ffae00\",\"textcolor\":\"#000000\",\"header\":\"http://getper user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*"); user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*"); user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers"); 
user_pref("extentions.y2layers.installId", "e804b7d0-8594-46e4-9952-008fb7051961"); user_pref("keyword.URL", "http://search.babylon.com/?AF=110141&babsrc=adbartrp&mntrId=aca8a8d8000000000000001c239a71a6&q="); user_pref("samfind.social.notused", "100zakladok,2linkme,2tag,7live7,a1webmarks,addio,adifni,aero,allmyfaves,allvoices,aollifestream,aolmail,arto,attentionmeter,aviary,baang,b Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\oppb01s3.default\minidumps [30 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 01/09/2013 at 8:49:31.65 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2 Run by Owner at 8:55:03 on 2013-01-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.1869 [GMT -6:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\windows\system32\Dwm.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\windows\system32\taskhost.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\System32\svchost.exe -k 
LocalServicePeerNet C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\windows\System32\svchost.exe -k 
secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\Secunia\PSI\sua.exe C:\windows\SysWOW64\ctfmon.exe C:\windows\explorer.exe C:\windows\SysWOW64\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\windows\system32\taskeng.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll BHO: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [screenPrint32] C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe -startup mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Z1] C:\Users\Owner\Desktop\MBAR rootkit\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files 
(x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\libcard.ahk StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paula.ahk StartupFolder: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pw.ahk StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: LastPass - C:\Users\Owner\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Fill Forms - C:\Users\Owner\AppData\LocalLow\LastPass\context.html?cmd=fillforms IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{A3406AAC-684E-4B1C-ABAF-83490EBEAE26} : DHCPNameServer = 192.168.1.1 Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files 
(x86)\LastPass\LPToolbar_x64.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox|http://www.nbcnews.com/|http://drudgereport.com/|http://www.foxnews.com/ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-12-11 19:23; support@lastpass.com; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\support@lastpass.com FF - ExtSQL: 2012-12-18 08:19; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oppb01s3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF - ExtSQL: 2012-12-27 10:04; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-3-28 55856] R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-27 984144] R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-27 370288] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-28 89600] R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-12-27 25232] R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-27 71600] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-27 44808] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-28 13336] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 682344] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080] R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-11-26 1225312] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-11-26 659040] R2 sftlist;Application Virtualization Client;C:\Program Files 
(x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-28 1692480] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-28 2656280] R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2011-5-20 36000] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2011-5-20 29344] R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2011-5-20 154272] R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2011-5-20 282272] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-3-28 176096] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-3-28 317440] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-21 24176] R3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program 
Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-19 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-28 250984] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-19 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-19 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-19 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2013-01-09 14:39:10 -------- d-----w- C:\windows\ERUNT 2013-01-09 14:38:45 -------- d-----w- C:\JRT 2013-01-09 09:10:41 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F49D9E94-FF60-42F2-B6F4-9F60F33D00BE}\offreg.dll 2013-01-09 03:55:15 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-09 03:55:15 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-09 03:55:02 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-09 03:55:02 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-09 03:55:01 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-09 03:55:01 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-09 03:55:00 800768 ----a-w- C:\windows\System32\usp10.dll 2013-01-09 03:55:00 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-09 03:55:00 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-09 03:53:48 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-09 03:53:47 3149824 ----a-w- C:\windows\System32\win32k.sys 2013-01-08 12:35:34 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys 2013-01-08 12:35:11 -------- d-----w- C:\Program Files\iPod 2013-01-08 12:35:10 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-08 12:35:10 -------- d-----w- C:\Program Files\iTunes 2013-01-08 12:35:10 -------- d-----w- C:\Program Files (x86)\iTunes 2013-01-08 09:38:56 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F49D9E94-FF60-42F2-B6F4-9F60F33D00BE}\mpengine.dll 2013-01-05 00:06:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\IDT 2013-01-04 21:36:59 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics 2013-01-02 00:01:55 -------- d-----w- C:\Program Files (x86)\ScreenPrint32 v3 2013-01-02 00:01:30 249856 ------w- C:\windows\Setup1.exe 2013-01-02 00:01:29 73216 ----a-w- C:\windows\ST6UNST.EXE 2012-12-30 14:57:44 14794312 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe 2012-12-30 14:57:39 -------- d-----w- C:\Program Files 
  9. Thank you for your offer of support. I have attached the log files you requested. attach.txt dds.txt JRT.txt system-log.txt mbar-log-2013-01-09 (08-32-03).txt
  10. attach.txt dds.txt protection-log-2013-01-05.txt