Jump to content

musicscott

Members
  • Posts

    18
  • Joined

  • Last visited

Everything posted by musicscott

  1. Hi, all Need some help with my S7. A couple months ago it started serving pop-up ads when I would wake the phone or reboot. I've never clicked on any of the ads, but they all appear to be pointing at the Google Play store and have all been for major brands such as Lyft. The other odd thing I've noticed is that I've always been able to easily and quickly browse the entire phone and sd card when connected to my Ubuntu system. Now, however, when I connect for file transfer the loading times for the directory structures and files are extremely long. Other than these two issues, the phone seems to be working as intended. Carrier: Verizon Phone: Samsung Galaxy S7 OS: Android 8.0.0 (updated 9/11/18, see attached screenshots for details) Phone is NOT rooted No other security software is running Looking forward to chasing this down. All the best, Scott
  2. Dude, this has been such a total nightmare. Good news: I'm back in business and everything is working like it should!!! But, something happened with the virus that resulted in the SATA AHCI settings getting switched to IDE. That's why the system wouldn't recognize my discs. I don't know how I even was able to get it to boot with it set like that. So, I discovered that today. AND: The backup software I was using was Todo EASEUS. Well, I didn't realize that my version only had a 15 day trial period. So, it would start up, accept the settings, and start to run only to crash or hang up. Discovered tonight that I needed to buy the full version. So, between having both the wrong BIOS setting and software that wouldn't run, no wonder I couldn't make any progress. I almost feel like going out in the street and dancing! Anyway, thanks again for all your help and walking me through the steps to figure out what code to run to get rid of the conduit infection. Very kind and generous of you. All the best, Scott
  3. Thanks, I've seen a lot of that stuff. I just poked around in the bios and it isn't recognizing the ssd drives at all. Very odd that it will boot with an ssd that doesn't show up in the bios. I'll keep plugging away at this and see what happens. Again, thanks so much for the help! It is really appreciated and I'll be hitting the Donate button. At this point I think we can consider the virus / trojan issue closed unless you think it did something to the motherboard or bios. All the best, Scott
  4. Thanks, guys. That's exactly what my question was. I was thinking of wiping the drive clean first, then cloning. But, it you're comfortable saying just go ahead and clone and that will get rid of everything on the 120gb ssd, then that saves a step. Thanks! Scott
  5. I think I'll be ok at this point. The ssd boot drive that was in the machine when it got infected is evidently bad now. It isn't being recognized easily by the system and I've tried to clone the drive we just cleaned up to it twice now and it isn't working. Everything looks like it is going well, then toward the end I get an error message that it couldn't write to a sector. Since I only got the ssd two months ago, it is still under warranty, so I'll return it and see what a fresh one does. Does it make sense to you that this is a hardware issue at this point? The bios isn't even recognizing the drive, so I'm think it was damaged from the trojan. Scott
  6. Hi, all This has probably been answered before, but since ssd is only three letters the forum search engine won't let me search for it. I built my system with two drives: SSD boot drive with windows and a traditoinal hard disc for data and programs. I recently upgraded the SSD and replaced the orginal 40gb one with a newer one that is 120gb. After cloning and swapping them, the 120gb drive and hard disc became infected. I was able to put the original 40gb ssd back into the machine to get a clean boot and clean up the infection. My next step is to get the larger drive back into the system. First, tho, I want to wipe the 120gb drive so I can start with a clean drive before i go back through the cloning process. I've tried to created the Parted Magic bootable usb, but it isn't working to boot for some reason. With that background, here's my question: What do I need to do in order to clean the 120gb ssd to get it back into the system? Scott
  7. I think they're in pretty good shape. Give me about 24 hours to really make sure and then we can consider this resolved. Do you think I'm ok at this point to reformat my other ssd drive and clone this one to it? Before I start updating windows and other things, I need to get the bigger ssd in the machine. I don't have enough room on the one that I'm using right now. Scott
  8. Here's the ESET log. Ran it with virus disabled. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK I'm assuming this looks pretty gooD? Scott
  9. This all went well, no problems. Here's the output. sc ComboFix 13-01-12.01 - Scott 01/12/2013 13:12:25.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5976 [GMT -8:00] Running from: c:\users\Scott\Desktop\ComboFix.exe Command switches used :: c:\users\Scott\Desktop\CFScript.txt.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 ))))))))))))))))))))))))))))))) . . 2013-01-12 21:16 . 2013-01-12 21:16 -------- d-----w- c:\users\Donna\AppData\Local\temp 2013-01-12 21:16 . 2013-01-12 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- c:\windows\ERUNT 2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- C:\JRT 2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes 2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\programdata\Malwarebytes 2013-01-09 00:36 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 00:35 . 2013-01-09 00:35 -------- d-----w- c:\users\Scott\AppData\Local\Programs 2013-01-08 04:50 . 2013-01-08 04:50 -------- d-----w- c:\program files (x86)\ESET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 23:45 . 2012-04-05 20:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-08 23:45 . 2011-06-03 06:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-17 01:31 . 2010-12-27 23:44 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-20 07:02 . 2012-12-01 01:23 24136 ----a-w- c:\windows\system32\fbnative.exe 2012-10-20 07:02 . 2012-12-01 01:24 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2012-10-20 07:02 . 2012-12-01 01:24 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2012-10-20 07:02 . 2012-12-01 01:24 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2012-10-20 07:02 . 2012-12-01 01:24 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496] "Acrobat Assistant 8.0"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "QFan Help"="b:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "AirPort Base Station Agent"="b:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360] "EaseUs Watch"="b:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-10-20 70728] "EaseUs Tray"="b:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-10-30 1315400] . c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A] EvernoteClipper.lnk - b:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - b:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="b:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe Acrobat Speed Launcher"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Desktop Disc Tool"="b:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" "TkBellExe"="b:\real player\Update\realsched.exe" -osboot . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600] R3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;c:\windows\system32\DRIVERS\MAudioMobilePreII.sys [2010-06-22 484360] R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736] R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [2010-06-01 29744] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-20 58952] S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-20 48200] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120] S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-20 18504] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-20 189000] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.002\IDSvia64.sys [2013-01-05 513184] S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408] S2 EaseUS Agent;EaseUS Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-10-31 69192] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Guard Agent;Guard Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-10-20 23624] S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;c:\program files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-06-22 1923592] S2 NIS;Norton Internet Security;b:\program files\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008] S2 TeamViewer6;TeamViewer 6;b:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2010-09-17 30352] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 18:50 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09] . 2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.linkedin.com/secure/login mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - b:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - b:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.1.1 FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"b:\program files\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"b:\program files\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3919128133-3168595497-1692597096-1000) @Denied: (2) (LocalSystem) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\04\06\15\13*\180" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-12 13:17:23 ComboFix-quarantined-files.txt 2013-01-12 21:17 ComboFix2.txt 2013-01-11 23:23 . Pre-Run: 1,485,017,088 bytes free Post-Run: 1,750,433,792 bytes free . - - End Of File - - 9A63323ED39E7142C0AC4935B9E9162A
  10. Here ya go. ComboFix ran perfectly, no issues at all. Let me know when I can uninstall it. Here's the log: ComboFix 13-01-11.02 - Scott 01/11/2013 15:18:11.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6379 [GMT -8:00] Running from: c:\users\Scott\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . B:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 ))))))))))))))))))))))))))))))) . . 2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- c:\windows\ERUNT 2013-01-11 04:54 . 2013-01-11 04:54 -------- d-----w- C:\JRT 2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes 2013-01-09 00:36 . 2013-01-09 00:36 -------- d-----w- c:\programdata\Malwarebytes 2013-01-09 00:36 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 00:35 . 2013-01-09 00:35 -------- d-----w- c:\users\Scott\AppData\Local\Programs 2013-01-08 04:50 . 2013-01-08 04:50 -------- d-----w- c:\program files (x86)\ESET . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 23:45 . 2012-04-05 20:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-08 23:45 . 2011-06-03 06:55 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-17 01:31 . 2010-12-27 23:44 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-20 07:02 . 2012-12-01 01:23 24136 ----a-w- c:\windows\system32\fbnative.exe 2012-10-20 07:02 . 2012-12-01 01:24 189000 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2012-10-20 07:02 . 2012-12-01 01:24 48200 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2012-10-20 07:02 . 2012-12-01 01:24 18504 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2012-10-20 07:02 . 2012-12-01 01:24 58952 ----a-w- c:\windows\system32\drivers\eubakup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-25 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496] "Acrobat Assistant 8.0"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "QFan Help"="b:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "AirPort Base Station Agent"="b:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360] "EaseUs Watch"="b:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2012-10-20 70728] "EaseUs Tray"="b:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-10-30 1315400] . c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A] EvernoteClipper.lnk - b:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - b:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] Logitech SetPoint.lnk - b:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-27 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="b:\program files (x86)\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe Acrobat Speed Launcher"="b:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Desktop Disc Tool"="b:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" "TkBellExe"="b:\real player\Update\realsched.exe" -osboot . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288] R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600] R3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;c:\windows\system32\DRIVERS\MAudioMobilePreII.sys [2010-06-22 484360] R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [2007-05-09 484736] R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 acs6nts;acs6nts;c:\windows\system32\DRIVERS\acs6nts.sys [2010-06-01 29744] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-10-20 58952] S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-10-20 48200] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120] S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-10-20 18504] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-10-20 189000] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.001\IDSvia64.sys [2013-01-05 513184] S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896] S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408] S2 EaseUS Agent;EaseUS Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-10-31 69192] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Guard Agent;Guard Agent Service;b:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-10-20 23624] S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;c:\program files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-06-22 1923592] S2 NIS;Norton Internet Security;b:\program files\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008] S2 TeamViewer6;TeamViewer 6;b:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2010-09-17 30352] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-11 18:50 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:45] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09] . 2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 20:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.linkedin.com/secure/login mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - b:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - b:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - b:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.1.1 FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q= FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"b:\program files\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"b:\program files\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3919128133-3168595497-1692597096-1000) @Denied: (2) (LocalSystem) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-3919128133-3168595497-1692597096-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\04\06\15\13*\180" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-11 15:23:25 ComboFix-quarantined-files.txt 2013-01-11 23:23 . Pre-Run: 1,368,915,968 bytes free Post-Run: 1,417,003,008 bytes free . - - End Of File - - 26B020E29C67E4791BDC20879CD36D21
  11. Last, but not least, thanks for your help. Really appreciated.
  12. Here's the contents for attach.dds UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/27/2010 3:18:51 PM System Uptime: 1/10/2013 8:41:00 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7P55D-E PRO Processor: Intel® Core i5 CPU 760 @ 2.80GHz | LGA1156 | 2801/133mhz . ==== Disk Partitions ========================= . B: is FIXED (NTFS) - 932 GiB total, 815.313 GiB free. C: is FIXED (NTFS) - 37 GiB total, 1.638 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 3ivx MPEG-4 5.0.3 (remove only) Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5 Web Premium Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe InDesign CS5.5 Adobe Media Player Adobe Reader X (10.1.4) Adobe Shockwave Player 11.5 AI Suite Airline Tycoon 2 v1.00 AirPort Alice Greenfingers All My Gods Amazon MP3 Downloader 1.0.15 Amazon Music Importer AmpliTube X-GEAR Apple Application Support Apple Mobile Device Support Apple Software Update Artisteer 2 Assassin's Creed Assassin's Creed II ASUS VGA Driver ASUSUpdate ATI AVIVO64 Codecs ATI Catalyst Install Manager Audio Creator LE 1.5 Avery Wizard 4.0 Big Fish Games: Game Manager Bing Bar BlackBerry Desktop Software 6.1 BlackBerry Device Software Updater Bonjour Bonjour Print Services Boris Graffiti Build-a-lot 2: Town of the Year Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help English CDDRV_Installer City of Fools ConvertHelper 2.2 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition EaseUS Todo Backup Free 5.3 Echoes of the Past: The Citadels of Time eLicenser Control Emerald City Confidential Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EPSON WorkForce 840 Series Printer Uninstall EpsonNet Print EpsonNet Setup 3.3 erLT ESET Online Scanner v3 Evernote v. 4.5.10 Farm Frenzy 3: Ice Age Farmington Tales Forgotten Lands: First Colony ™ GameSpy Arcade Google Calendar Sync Google Chrome Google Update Helper Haunted Domains Hobby Farm Insaniquarium! Deluxe Ipswitch WS_FTP 12 iTunes Junk Mail filter update KhalInstallWrapper Logitech SetPoint Lost Cases of Sherlock Holmes Love Chronicles: The Spell M-Audio MobilePre Driver 1.0.4 (x64) Magic Bullet Looks Studio Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Midnight Mysteries 3: Devil on the Mississippi MobileMe Control Panel Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 4.0 (x86 en-US) Mozilla Thunderbird (3.1.9) Mozilla Thunderbird 16.0.2 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Creator 5 Musicnotes Software Suite 1.5.5 muvee Plugin 1.0 My Kingdom for the Princess III Mystery Case Files ®: 13th Skull ™ Mystery of Mortlake Mansion Mystery Trackers: Raincliff Mystery Trackers: The Void Nancy Drew: Shadow at the Water's Edge NEC Electronics USB 3.0 Host Controller Driver New Yankee in King Arthur's Court Northern Tale Norton Internet Security Notepad++ Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition PC Probe II PDF Settings CS5 Pinnacle Studio 12 Pinnacle Studio 12 Ultimate Plugins Pinnacle Video Driver Pioneer Lands Plantasia Plants vs. Zombies proDAD Vitascene 1.0 QuickTime Rainbow Web 3 Ravensburger Puzzle Selection RBVirtualFolder64Inst RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Rescue Team Roads of Rome II Roads of Rome III Roxio BackOnTrack Roxio Burn Roxio CinePlayer Roxio CinePlayer Decoder Pack Roxio Creator 2011 Roxio PhotoShow Roxio Video Capture USB Royal Envoy 2 Collector's Edition Sacra Terra: Angelic Night Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SmartSound Common Data SmartSound Quicktracks 5 Spotify Stamps.com Stamps.com Address Book Support for Microsoft Outlook 97-2010 Stamps.com Application Support for Microsoft Outlook 2000-2010 Stamps.com Application Support for Microsoft Word 2000-2010 Stamps.com support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 97-2010 Stamps.com support for Microsoft Word 2000-2010 Steinberg Cubase 5 64bit Steinberg Groove Agent ONE Content Steinberg Groove Agent ONE Vintage Beatboxes Steinberg HALionOne 64bit Steinberg HALionOne Expression Set Steinberg HALionOne GM Drum Set Steinberg HALionOne GM Set Steinberg HALionOne Pro Set Steinberg HALionOne Studio Drum Set Steinberg HALionOne Studio Set Steinberg LoopMash Content Steinberg REVerence Content 01 Stronghold Stronghold 2 Stronghold Crusader Extreme Stronghold Legends TeamViewer 6 The Island: Castaway The Island: Castaway 2 The Promised Land The TimeBuilders: Pyramid Rising 2 TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TV Farm Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition US122 Driver 3.30 Vacation Quest: Australia VD64Inst WampServer 2.2 Westward II: Heroes of the Frontier Westward III: Gold Rush Westward IV: All Aboard Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 15.5 WinZip Courier Zoo Tycoon 2 - Extinct Animals . ==== End Of File =========================== Here's the contents of the dds log (which is still showing a BHO object as the URLREDIR.dll file) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by Scott at 21:48:35 on 2013-01-10 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6166 [GMT -8:00] . AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe b:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE b:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe B:\Program files\Engine\18.7.2.3\ccSvcHst.exe C:\Windows\system32\taskhost.exe B:\Program files\Engine\18.7.2.3\ccSvcHst.exe C:\Windows\system32\Dwm.exe B:\Program files\Logitech\SetPoint\LBTWiz.exe C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe B:\Program files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe B:\Program files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE B:\Program Files (x86)\AirPort\APAgent.exe B:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe B:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted b:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\vds.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe B:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe B:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe B:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.linkedin.com/secure/login mWinlogon: Userinit = C:\Windows\System32\userinit.exe BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - B:\Program files\Engine\18.7.2.3\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - B:\Program files\Engine\18.7.2.3\ips\ipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - B:\Program Files (x86)\WinZip Courier\wzwmcie.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - B:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [EPSONB81B65 (WorkForce 840)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S1F23.tmp" /EF "HKCU" uRun: [EPSON WorkForce 840 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S4D35.tmp" /EF "HKCU" uRun: [spotify Web Helper] "C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Acrobat Assistant 8.0] "B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [QFan Help] "B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AirPort Base Station Agent] "B:\Program Files (x86)\AirPort\APAgent.exe" mRun: [EaseUs Watch] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" mRun: [EaseUs Tray] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" mRunOnce: [Z1] B:\Users\Scott\Downloads\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - B:\Program files\Logitech\SetPoint\SetPoint.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - B:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 10.0.1.1 TCP: Interfaces\{048FC948-2133-4906-ABFA-E6F7D1200C14} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{1002CBC1-91EE-4A6A-8C9D-5481E0A2A963} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{76D9561D-DEFC-4CFD-9482-D77DA5935764} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{93E2F36C-5396-421D-B4B6-87E1F6A98F60} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{C11890CA-6852-43CD-90A6-918707133DE7} : DHCPNameServer = 10.0.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q= FF - component: B:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: b:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: b:\Program Files (x86)\Musicnotes\npmusicn.dll FF - plugin: b:\Program Files (x86)\Musicnotes\NPSibelius.dll FF - plugin: B:\Program Files (x86)\WinZip Courier\npwzwmc.dll FF - plugin: b:\real player\Netscape6\nppl3260.dll FF - plugin: b:\real player\Netscape6\nprjplug.dll FF - plugin: b:\real player\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . R0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744] R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-11-30 58952] R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-11-30 48200] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-25 55856] R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-25 27120] R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-25 19952] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2013-1-9 1384608] R1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-11-30 18504] R1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-11-30 189000] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130111.001\IDSviA64.sys [2013-1-10 513184] R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-25 27632] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-19 203776] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-27 96896] R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408] R2 EaseUS Agent;EaseUS Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-11-30 69192] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-12 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-12 128512] R2 Guard Agent;Guard Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-11-30 23624] R2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-6-21 1923592] R2 NIS;Norton Internet Security;B:\Program files\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008] R2 TeamViewer6;TeamViewer 6;B:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] R3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-1-3 30352] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288] S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-12-27 1101600] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-18 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;C:\Windows\System32\drivers\MAudioMobilePreII.sys [2010-6-21 484360] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2011-4-1 484736] S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736] S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: jsfile="B:\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="B:\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-01-11 04:54:59 -------- d-----w- C:\Windows\ERUNT 2013-01-11 04:54:44 -------- d-----w- C:\JRT 2013-01-09 00:36:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes 2013-01-09 00:36:29 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-09 00:36:27 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-09 00:35:44 -------- d-----w- C:\Users\Scott\AppData\Local\Programs 2013-01-08 04:50:15 -------- d-----w- C:\Program Files (x86)\ESET . ==================== Find3M ==================== . 2013-01-08 23:45:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 23:45:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-20 07:02:22 24136 ----a-w- C:\Windows\System32\fbnative.exe 2012-10-20 07:02:16 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys 2012-10-20 07:02:12 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys 2012-10-20 07:02:06 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys 2012-10-20 07:02:04 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys . ============= FINISH: 21:48:42.70 ===============
  13. Here's the JRT log, looks like there was a couple of things there. Junkware Removal Tool (JRT) by Thisisu Version: 4.4.2 (01.08.2013:1) OS: Windows 7 Professional x64 Ran by Scott on Thu 01/10/2013 at 20:55:00.95 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc} Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Scott\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Users\Scott\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Scott\appdata\local\opencandy" Successfully deleted: [Folder] "C:\Users\Scott\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Scott\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 01/10/2013 at 21:00:13.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malware bytes system log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: B:\ DRIVE_FIXED, C:\ DRIVE_FIXED CPU speed: 2.808000 GHz Memory total: 8587890688, free: 6371524608 ------------ Kernel report ------------ 01/10/2013 21:07:37 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\acs6nts.sys \SystemRoot\system32\DRIVERS\storport.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\system32\drivers\sbp2port.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\Saibad64.sys \SystemRoot\System32\Drivers\Sahdad64.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\EUBKMON.sys \SystemRoot\system32\drivers\eubakup.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS \SystemRoot\system32\drivers\NISx64\1207020.003\Ironx64.SYS \SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS \SystemRoot\System32\Drivers\SaibVdAd64.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\Windows\system32\drivers\EuFdDisk.sys \??\C:\Windows\system32\drivers\eudskacs.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130107.001\BHDrvx64.sys \SystemRoot\SysWow64\drivers\AsUpIO.sys \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\nusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\System32\Drivers\RootMdm.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\MarvinBus64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtiHdmi.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\LUsbFilt.Sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\system32\DRIVERS\SynUSB64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121130.016\EX64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20121130.016\ENG64.SYS \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130108.002\IDSvia64.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\shell32.dll \Windows\System32\imagehlp.dll \Windows\System32\difxapi.dll \Windows\System32\msvcrt.dll \Windows\System32\urlmon.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800780f060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP7T0L0-d\ Lower Device Object: 0xfffffa8007536060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800780e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-b\ Lower Device Object: 0xfffffa8007538060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.01.11.05 Downloaded database version: v2013.01.04.01 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800780e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007657b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800780e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007656a20, DeviceName: Unknown, DriverName: \Driver\Sahdad64\ DevicePointer: 0xfffffa8007538060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-b\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a015b910d0, 0xfffffa800780e790, 0xfffffa80074d3090 Lower DeviceData: 0xfffff8a010e8a680, 0xfffffa8007538060, 0xfffffa800a1dbcf0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... The directory C:\Windows\system32\drivers seems inaccessible or encrypted. Drivers scan is aborted. Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 32B446F4 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 77950976 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 40018599936 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-78141328-78161328)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800780f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800780fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800780f060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007658a20, DeviceName: Unknown, DriverName: \Driver\Sahdad64\ DevicePointer: 0xfffffa800754a520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8007536060, DeviceName: \Device\Ide\IdeDeviceP7T0L0-d\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a015243520, 0xfffffa800780f060, 0xfffffa8008f36790 Lower DeviceData: 0xfffff8a00ffd0590, 0xfffffa8007536060, 0xfffffa80073ee670 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: A42F7845 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... <<<2>>> Device number: 1, partition: 1 <<<3>>> Volume: B: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Scan finished ======================================= The Malware bytes log Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Scott :: CUNNINGHAM [administrator] 1/10/2013 9:26:28 PM mbar-log-2013-01-10 (21-26-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32586 Time elapsed: 18 minute(s), 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS logs will be in next post
  14. Hey, Maniac My bad...got confused with the note at the top of this saying not to post it. Here it is: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/27/2010 3:18:51 PM System Uptime: 1/8/2013 10:08:39 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7P55D-E PRO Processor: Intel® Core i5 CPU 760 @ 2.80GHz | LGA1156 | 2808/133mhz . ==== Disk Partitions ========================= . B: is FIXED (NTFS) - 932 GiB total, 814.616 GiB free. C: is FIXED (NTFS) - 37 GiB total, 0.815 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 3ivx MPEG-4 5.0.3 (remove only) Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5 Web Premium Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe InDesign CS5.5 Adobe Media Player Adobe Reader X (10.1.4) Adobe Shockwave Player 11.5 AI Suite Airline Tycoon 2 v1.00 AirPort Alice Greenfingers All My Gods Amazon MP3 Downloader 1.0.15 Amazon Music Importer AmpliTube X-GEAR Apple Application Support Apple Mobile Device Support Apple Software Update Artisteer 2 Assassin's Creed Assassin's Creed II ASUS VGA Driver ASUSUpdate ATI AVIVO64 Codecs ATI Catalyst Install Manager Audio Creator LE 1.5 Avery Wizard 4.0 Big Fish Games: Game Manager Bing Bar BlackBerry Desktop Software 6.1 BlackBerry Device Software Updater Bonjour Bonjour Print Services Boris Graffiti Build-a-lot 2: Town of the Year Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help English CDDRV_Installer City of Fools ConvertHelper 2.2 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition EaseUS Todo Backup Free 5.3 Echoes of the Past: The Citadels of Time eLicenser Control Emerald City Confidential Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EPSON WorkForce 840 Series Printer Uninstall EpsonNet Print EpsonNet Setup 3.3 erLT ESET Online Scanner v3 Evernote v. 4.5.10 Farm Frenzy 3: Ice Age Farmington Tales Forgotten Lands: First Colony ™ GameSpy Arcade Google Calendar Sync Google Chrome Google Update Helper Haunted Domains Hobby Farm Insaniquarium! Deluxe Ipswitch WS_FTP 12 iTunes Junk Mail filter update KhalInstallWrapper Logitech SetPoint Lost Cases of Sherlock Holmes Love Chronicles: The Spell M-Audio MobilePre Driver 1.0.4 (x64) Magic Bullet Looks Studio Malwarebytes Anti-Malware version 1.70.0.1100 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 Midnight Mysteries 3: Devil on the Mississippi MobileMe Control Panel Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Firefox 4.0 (x86 en-US) Mozilla Thunderbird (3.1.9) Mozilla Thunderbird 16.0.2 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Creator 5 Musicnotes Software Suite 1.5.5 muvee Plugin 1.0 My Kingdom for the Princess III Mystery Case Files ®: 13th Skull ™ Mystery of Mortlake Mansion Mystery Trackers: Raincliff Mystery Trackers: The Void Nancy Drew: Shadow at the Water's Edge NEC Electronics USB 3.0 Host Controller Driver New Yankee in King Arthur's Court Northern Tale Norton Internet Security Notepad++ Paranormal Crime Investigations: Brotherhood of the Crescent Snake Collector's Edition PC Probe II PDF Settings CS5 Pinnacle Studio 12 Pinnacle Studio 12 Ultimate Plugins Pinnacle Video Driver Pioneer Lands Plantasia Plants vs. Zombies proDAD Vitascene 1.0 QuickTime Rainbow Web 3 Ravensburger Puzzle Selection RBVirtualFolder64Inst RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Rescue Team Roads of Rome II Roads of Rome III Roxio BackOnTrack Roxio Burn Roxio CinePlayer Roxio CinePlayer Decoder Pack Roxio Creator 2011 Roxio PhotoShow Roxio Video Capture USB Royal Envoy 2 Collector's Edition Sacra Terra: Angelic Night Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SmartSound Common Data SmartSound Quicktracks 5 Spotify Stamps.com Stamps.com Address Book Support for Microsoft Outlook 97-2010 Stamps.com Application Support for Microsoft Outlook 2000-2010 Stamps.com Application Support for Microsoft Word 2000-2010 Stamps.com support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 97-2010 Stamps.com support for Microsoft Word 2000-2010 Steinberg Cubase 5 64bit Steinberg Groove Agent ONE Content Steinberg Groove Agent ONE Vintage Beatboxes Steinberg HALionOne 64bit Steinberg HALionOne Expression Set Steinberg HALionOne GM Drum Set Steinberg HALionOne GM Set Steinberg HALionOne Pro Set Steinberg HALionOne Studio Drum Set Steinberg HALionOne Studio Set Steinberg LoopMash Content Steinberg REVerence Content 01 Stronghold Stronghold 2 Stronghold Crusader Extreme Stronghold Legends TeamViewer 6 The Island: Castaway The Island: Castaway 2 The Promised Land The TimeBuilders: Pyramid Rising 2 TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TV Farm Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition US122 Driver 3.30 Vacation Quest: Australia VD64Inst Vuze Vuze Remote Toolbar WampServer 2.2 Westward II: Heroes of the Frontier Westward III: Gold Rush Westward IV: All Aboard Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 15.5 WinZip Courier Zoo Tycoon 2 - Extinct Animals . ==== Event Viewer Messages From Past Week ======== . 1/8/2013 10:11:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 1/8/2013 10:09:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 1/8/2013 10:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/8/2013 10:09:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 1/8/2013 10:09:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 discache eeCtrl EUDSKACS EUFDDISK IDSVia64 MpFilter SaibVdAd64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 1/7/2013 8:47:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 1/7/2013 8:47:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. 1/7/2013 8:46:31 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  15. musicscott

    Newbie

    Hi, all Just joined the forums and wanted to introduce myself. At 45, just left a professor position and am looking for a career change toward music. Been involved in one way or another for about 8 years now. I've always been fascinated by pc's and have a knack for picking up programs and using them pretty easily. Have written html and css, would like to learn Android to make some apps. Looking forward to hanging around here and seeing what all I can pick up (that is virus free). Cheers, Scott
  16. I forgot to mention that the dds scan was in safe mode with networking enabled. sc
  17. Hi, all Brand new to the site, so I hope I've got everything here I need. Running Win7/64-bit. Have two drives: an SSD for booting and OS and a second drive for programs and storage. In December, I replaced my 40gb SSD with a new 120GB SSD. Fortunately, I still have the original one. About 7 days ago, the machine went all funky while my wife was playing a game online through Big Fish Games. She's never had an issue with this site. We lost all control over the mouse, I couldn't get into my profile on the machine, Firefox was acting very strange (loading slow, not getting to pages). Firefox would not let me get to any anti-malware sites and would lock up any time I tried. I ran several scans from safe mode with Avast and RootKit Killer, none of them found anything on either drive. I then thought of swapping out the SSD cards and seeing if I could get a clean boot with the original card. I can do that and have managed to do a couple of things. The first thing I did was run the eset online scan. It came back with this: B:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined B:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined B:\Users\Scott\Downloads\musicnotesSuite.exe Win32/OpenCandy application cleaned by deleting - quarantined B:\Users\Scott\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined B:\Users\Scott\Downloads\wzcourier30.exe Win32/OpenCandy application deleted - quarantined The next thing I did was run Hijack This. I'm seeing some references to a redirect dll file on my programs and storage drive. The dds.txt file is below. I do know that my AV defs are out of date on the original boot SSD. This is simply because of space issues on that drive. Everything was on and current at the time the machine started having issues. Thanks and I look forward to hearing back for you. Scott DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16450 Run by Scott at 22:11:39 on 2013-01-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6697 [GMT -8:00] . AV: Norton Internet Security *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.linkedin.com/secure/login uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll mWinlogon: Userinit = C:\Windows\System32\userinit.exe BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - B:\Program files\Engine\18.7.2.3\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - B:\Program files\Engine\18.7.2.3\ips\ipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - B:\Program Files (x86)\WinZip Courier\wzwmcie.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - B:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - B:\Program files\Engine\18.7.2.3\coieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - B:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll uRun: [EPSONB81B65 (WorkForce 840)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S1F23.tmp" /EF "HKCU" uRun: [EPSON WorkForce 840 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGMA.EXE /FU "C:\Windows\TEMP\E_S4D35.tmp" /EF "HKCU" uRun: [spotify Web Helper] "C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Acrobat Assistant 8.0] "B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [QFan Help] "B:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AirPort Base Station Agent] "B:\Program Files (x86)\AirPort\APAgent.exe" mRun: [EaseUs Watch] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" mRun: [EaseUs Tray] "b:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" mRunOnce: [Malwarebytes Anti-Malware] b:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - B:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - B:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - B:\Program files\Logitech\SetPoint\SetPoint.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Evernote 4.0 - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - B:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - B:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - B:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - B:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 10.0.1.1 TCP: Interfaces\{048FC948-2133-4906-ABFA-E6F7D1200C14} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{1002CBC1-91EE-4A6A-8C9D-5481E0A2A963} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{76D9561D-DEFC-4CFD-9482-D77DA5935764} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{93E2F36C-5396-421D-B4B6-87E1F6A98F60} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{C11890CA-6852-43CD-90A6-918707133DE7} : DHCPNameServer = 10.0.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q= FF - component: B:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: B:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: B:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: b:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: B:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll FF - plugin: B:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: b:\Program Files (x86)\Musicnotes\npmusicn.dll FF - plugin: b:\Program Files (x86)\Musicnotes\NPSibelius.dll FF - plugin: B:\Program Files (x86)\WinZip Courier\npwzwmc.dll FF - plugin: b:\real player\Netscape6\nppl3260.dll FF - plugin: b:\real player\Netscape6\nprjplug.dll FF - plugin: b:\real player\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll FF - ExtSQL: 2012-11-23 22:29; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\e0ooa1ze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . R0 acs6nts;acs6nts;C:\Windows\System32\drivers\acs6nts.sys [2010-6-1 29744] R0 EUBAKUP;EUBAKUP;C:\Windows\System32\drivers\eubakup.sys [2012-11-30 58952] R0 EUBKMON;EUBKMON;C:\Windows\System32\drivers\EUBKMON.sys [2012-11-30 48200] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-25 55856] R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-3-25 27120] R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-3-25 19952] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 203888] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2013-1-8 1384608] S1 EUDSKACS;EUDSKACS;C:\Windows\System32\drivers\eudskacs.sys [2012-11-30 18504] S1 EUFDDISK;EUFDDISK;C:\Windows\System32\drivers\EuFdDisk.sys [2012-11-30 189000] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130105.001\IDSviA64.sys [2013-1-5 513184] S1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-3-25 27632] S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-19 203776] S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-12-27 96896] S2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 EaseUS Agent;EaseUS Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2012-11-30 69192] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-6-12 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-6-12 128512] S2 Guard Agent;Guard Agent Service;B:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2012-11-30 23624] S2 MobilePreIIAudioDevMon;MobilePre Audio Device Monitor;C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [2010-6-21 1923592] S2 NIS;Norton Internet Security;B:\Program files\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288] S2 TeamViewer6;TeamViewer 6;B:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-28 2337144] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864] S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-12-27 1101600] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-10 138912] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-18 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 MAUSBMOBILEPREII;Service for M-Audio MobilePre II;C:\Windows\System32\drivers\MAudioMobilePreII.sys [2010-6-21 484360] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 98688] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\System32\drivers\MarvinAVS64.sys [2011-4-1 484736] S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-1-3 30352] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736] S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: jsfile="B:\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="B:\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-01-09 04:57:54 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB95B980-3A4C-4878-AF98-B10AFB410607}\mpengine.dll 2013-01-09 00:36:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes 2013-01-09 00:36:29 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-09 00:36:27 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-09 00:35:44 -------- d-----w- C:\Users\Scott\AppData\Local\Programs 2013-01-08 04:57:44 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-08 04:50:15 -------- d-----w- C:\Program Files (x86)\ESET . ==================== Find3M ==================== . 2013-01-08 23:45:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 23:45:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-10-20 07:02:22 24136 ----a-w- C:\Windows\System32\fbnative.exe 2012-10-20 07:02:16 189000 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys 2012-10-20 07:02:12 48200 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys 2012-10-20 07:02:06 18504 ----a-w- C:\Windows\System32\drivers\eudskacs.sys 2012-10-20 07:02:04 58952 ----a-w- C:\Windows\System32\drivers\eubakup.sys . ============= FINISH: 22:11:47.35 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.