thunderstruck

Members

View Profile See their activity

Posts
6
Joined
April 22, 2013
Last visited
April 23, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by thunderstruck

I'm infected, help would be appreciated!

thunderstruck replied to thunderstruck's topic in Resolved Malware Removal Logs

Awesome, I'm back in normal mode and everything seems to be working! Thanks for all your help!! Kevin
- April 23, 2013
- 11 replies
I'm infected, help would be appreciated!

thunderstruck replied to thunderstruck's topic in Resolved Malware Removal Logs

ComboFix 13-04-22.01 - Kevin 04/22/2013 19:12:07.2.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4824 [GMT -7:00] Running from: c:\users\Kevin\Desktop\ComboFix.exe Command switches used :: c:\users\Kevin\Desktop\CFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Industriya c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll c:\program files (x86)\Industriya\privitize\1.8.16.22\escortShld.dll c:\program files (x86)\Industriya\privitize\1.8.16.22\privitizeApp.dll c:\program files (x86)\Industriya\privitize\1.8.16.22\privitizeEng.dll c:\program files (x86)\Industriya\privitize\1.8.16.22\privitizesrv.exe c:\program files (x86)\Industriya\privitize\1.8.16.22\uninstall.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 ))))))))))))))))))))))))))))))) . . 2013-04-23 02:22 . 2013-04-23 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-23 01:40 . 2013-04-23 01:40 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\offreg.dll 2013-04-22 06:42 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-22 06:42 . 2013-04-22 06:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\programdata\Innovative Solutions 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\users\Kevin\AppData\Local\Innovative Solutions 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions 2013-04-22 05:31 . 2009-11-05 19:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\program files (x86)\Innovative Solutions 2013-04-22 05:29 . 2013-04-22 05:29 -------- d-----w- c:\users\Kevin\AppData\Local\Programs 2013-04-22 05:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\mpengine.dll 2013-04-06 02:15 . 2013-04-06 02:15 -------- d-----w- c:\programdata\WEBREG 2013-04-04 03:39 . 2013-04-04 03:39 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-04-04 03:10 . 2013-04-22 02:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\uTorrent 2013-04-04 03:02 . 2013-04-22 07:25 -------- d-----w- c:\programdata\MaginniiPic 2013-04-04 03:02 . 2013-04-22 02:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\Industriya . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-14 14:38 . 2011-07-31 08:37 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 05:20 . 2012-09-13 11:16 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 05:20 . 2012-09-13 11:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 13:57 . 2013-03-13 16:19 1188864 ----a-w- c:\windows\system32\wininet.dll 2013-02-28 13:57 . 2013-03-13 16:19 1493504 ----a-w- c:\windows\system32\urlmon.dll 2013-02-28 13:57 . 2013-03-13 16:19 134144 ----a-w- c:\windows\system32\url.dll 2013-02-28 13:57 . 2013-03-13 16:19 9061376 ----a-w- c:\windows\system32\mshtml.dll 2013-02-28 13:57 . 2013-03-13 16:19 735744 ----a-w- c:\windows\system32\msfeeds.dll 2013-02-28 13:57 . 2013-03-13 16:19 97792 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-28 13:57 . 2013-03-13 16:19 12296192 ----a-w- c:\windows\system32\ieframe.dll 2013-02-28 13:57 . 2013-03-13 16:19 2458112 ----a-w- c:\windows\system32\iertutil.dll 2013-02-28 13:57 . 2013-03-13 16:19 65024 ----a-w- c:\windows\system32\jsproxy.dll 2013-02-28 13:57 . 2013-03-13 16:19 247808 ----a-w- c:\windows\system32\ieui.dll 2013-02-28 13:37 . 2013-03-13 16:19 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-28 12:03 . 2013-03-13 16:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-28 11:38 . 2013-03-13 16:19 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-24 03:01 . 2013-02-24 03:02 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 03:01 . 2012-05-09 03:53 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-24 03:01 . 2011-04-08 20:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-13 16:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 16:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 16:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 16:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 16:18 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 16:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-14 23:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B182C84D-CD22-40DF-A7F1-1D7444A8EE47}] c:\users\Kevin\AppData\Local\getsavin\ie\getsavin_1362381602.dll [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\users\Kevin\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592] "GoogleChromeAutoLaunch_585CBC2D9CEE64E85FE3A6084EF9DC86"="c:\users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720] "googletalk"="c:\users\Kevin\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X] "AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-24 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-8 484976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904] ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2011-8-19 9216] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032] R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-08 89600] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312] R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-24 338536] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2013-01-07 74112] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464] R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-24 91648] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-24 208896] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 05:20] . 2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 19:56] . 2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 19:56] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673977973-4057243969-57090864-1000Core.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 13:29] . 2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673977973-4057243969-57090864-1000UA.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 13:29] . 2013-04-22 c:\windows\Tasks\HPCeeScheduleForKevin.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-08 1128448] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . BHO-{1ACB5ABE-4890-4747-952C-F13BDB93FB75} - c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-GetSavin - c:\users\Kevin\AppData\Local\getsavin\uninst.exe AddRemove-privitize - c:\program files (x86)\Industriya\privitize\1.8.16.22\uninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-22 19:26:46 ComboFix-quarantined-files.txt 2013-04-23 02:26 ComboFix2.txt 2013-04-23 01:47 . Pre-Run: 245,405,257,728 bytes free Post-Run: 245,112,627,200 bytes free . - - End Of File - - D5D37E22A0179831150EC4FFF160F4FB
- April 23, 2013
- 11 replies
I'm infected, help would be appreciated!

thunderstruck replied to thunderstruck's topic in Resolved Malware Removal Logs

By the way, I've been doing this all in Safe mode with Networking because my internet and browsers don't work in normal mode. At what point should I go back and try to work in normal mode? Just when I'm sure it's clean?
- April 23, 2013
- 11 replies
I'm infected, help would be appreciated!

thunderstruck replied to thunderstruck's topic in Resolved Malware Removal Logs

ComboFix 13-04-22.01 - Kevin 04/22/2013 18:37:21.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.5197 [GMT -7:00] Running from: c:\users\Kevin\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe c:\programdata\Roaming . . ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 ))))))))))))))))))))))))))))))) . . 2013-04-23 01:45 . 2013-04-23 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-23 01:40 . 2013-04-23 01:40 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\offreg.dll 2013-04-22 06:42 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-22 06:42 . 2013-04-22 06:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\programdata\Innovative Solutions 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\users\Kevin\AppData\Local\Innovative Solutions 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions 2013-04-22 05:31 . 2009-11-05 19:24 42496 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl 2013-04-22 05:31 . 2013-04-22 05:31 -------- d-----w- c:\program files (x86)\Innovative Solutions 2013-04-22 05:29 . 2013-04-22 05:29 -------- d-----w- c:\users\Kevin\AppData\Local\Programs 2013-04-22 05:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\mpengine.dll 2013-04-06 02:15 . 2013-04-06 02:15 -------- d-----w- c:\programdata\WEBREG 2013-04-04 03:39 . 2013-04-04 03:39 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-04-04 03:10 . 2013-04-22 02:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\uTorrent 2013-04-04 03:02 . 2013-04-22 07:25 -------- d-----w- c:\programdata\MaginniiPic 2013-04-04 03:02 . 2013-04-22 02:47 -------- d-----w- c:\program files (x86)\Industriya 2013-04-04 03:02 . 2013-04-22 02:47 -------- d-----w- c:\users\Kevin\AppData\Roaming\Industriya . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-14 14:38 . 2011-07-31 08:37 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 05:20 . 2012-09-13 11:16 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 05:20 . 2012-09-13 11:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-28 13:57 . 2013-03-13 16:19 1188864 ----a-w- c:\windows\system32\wininet.dll 2013-02-28 13:57 . 2013-03-13 16:19 1493504 ----a-w- c:\windows\system32\urlmon.dll 2013-02-28 13:57 . 2013-03-13 16:19 134144 ----a-w- c:\windows\system32\url.dll 2013-02-28 13:57 . 2013-03-13 16:19 9061376 ----a-w- c:\windows\system32\mshtml.dll 2013-02-28 13:57 . 2013-03-13 16:19 735744 ----a-w- c:\windows\system32\msfeeds.dll 2013-02-28 13:57 . 2013-03-13 16:19 97792 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-28 13:57 . 2013-03-13 16:19 12296192 ----a-w- c:\windows\system32\ieframe.dll 2013-02-28 13:57 . 2013-03-13 16:19 2458112 ----a-w- c:\windows\system32\iertutil.dll 2013-02-28 13:57 . 2013-03-13 16:19 65024 ----a-w- c:\windows\system32\jsproxy.dll 2013-02-28 13:57 . 2013-03-13 16:19 247808 ----a-w- c:\windows\system32\ieui.dll 2013-02-28 13:37 . 2013-03-13 16:19 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-28 12:03 . 2013-03-13 16:19 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-28 11:38 . 2013-03-13 16:19 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-24 03:01 . 2013-02-24 03:02 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 03:01 . 2012-05-09 03:53 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-24 03:01 . 2011-04-08 20:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-13 16:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 16:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 16:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 16:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 16:18 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 16:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-14 23:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}] 2013-03-25 15:14 251288 ----a-w- c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\users\Kevin\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592] "GoogleChromeAutoLaunch_585CBC2D9CEE64E85FE3A6084EF9DC86"="c:\users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-21 1312720] "googletalk"="c:\users\Kevin\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AprvRemoveLegacyExcelKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X] "AprvRemoveLegacyWordKeys"="c:\program files (x86)\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-24 113288] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-8 484976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904] ApproveIt StartUp.lnk - c:\windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2011-8-19 9216] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032] R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-08 89600] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312] R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240] R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-24 338536] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2013-01-07 74112] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464] R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-24 91648] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-24 208896] S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 05:20] . 2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 19:56] . 2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-07 19:56] . 2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673977973-4057243969-57090864-1000Core.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 13:29] . 2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-673977973-4057243969-57090864-1000UA.job - c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 13:29] . 2013-04-22 c:\windows\Tasks\HPCeeScheduleForKevin.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-08 1128448] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uStart Page = hxxp://searchou.com/?id=a0891276000000000000002637bd3942 uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . BHO-{B182C84D-CD22-40DF-A7F1-1D7444A8EE47} - c:\users\Kevin\AppData\Local\getsavin\ie\getsavin_1362381602.dll Wow6432Node-HKCU-Run-StartNow Search Protect - c:\program files (x86)\StartNow Toolbar\search_protect.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-ApproveItForOfficeSetup - c:\program files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-GetSavin - c:\users\Kevin\AppData\Local\getsavin\uninst.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-22 18:47:59 ComboFix-quarantined-files.txt 2013-04-23 01:47 . Pre-Run: 233,172,344,832 bytes free Post-Run: 245,578,338,304 bytes free . - - End Of File - - 010FF823A740DA144ABD1F2A9D7B5FA2
- April 23, 2013
- 11 replies
I'm infected, help would be appreciated!

thunderstruck replied to thunderstruck's topic in Resolved Malware Removal Logs

ADWCLEANER # AdwCleaner v2.202 - Logfile created 04/22/2013 at 17:57:35 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Kevin - KEVIN-HP # Boot Mode : Safe mode with networking # Running from : C:\Users\Kevin\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Windows\Tasks\AmiUpdXp.job Folder Deleted : C:\ProgramData\clsoft ltd Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\Users\Kevin\AppData\Local\getsavin Folder Deleted : C:\Users\Kevin\AppData\Local\SwvUpdater ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.43 File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5996 octets] - [22/04/2013 16:38:43] AdwCleaner[R2].txt - [6054 octets] - [22/04/2013 16:39:29] AdwCleaner[R3].txt - [4680 octets] - [22/04/2013 17:57:22] AdwCleaner[s1].txt - [4585 octets] - [22/04/2013 17:57:35] ########## EOF - C:\AdwCleaner[s1].txt - [4645 octets] ########## DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.15.2 Run by Kevin at 18:06:52 on 2013-04-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4694 [GMT -7:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://searchou.com/?id=a0891276000000000000002637bd3942 uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit = userinit.exe, BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: GetSavin 5.0: {B182C84D-CD22-40DF-A7F1-1D7444A8EE47} - BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [cdloader] "C:\Users\Kevin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [GoogleChromeAutoLaunch_585CBC2D9CEE64E85FE3A6084EF9DC86] "C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [googletalk] C:\Users\Kevin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe uRunOnce: [Report] C:\AdwCleaner[s1].txt mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\2656C6B696E6E2037303 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\D49414D275966496 : DHCPNameServer = 192.168.112.1 8.8.8.8 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-24 91648] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-24 208896] R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-10-8 15360] S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-26 89600] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?] S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-7-20 260424] S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520] S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13592] S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-21 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-21 701512] S2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312] S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-26 2656280] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680] S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-26 317440] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-21 25928] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240] S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-8-8 17920] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-26 338536] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-26 428136] S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-1-7 74112] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-04-22 06:42:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-22 06:42:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-22 05:31:35 -------- d-----w- C:\ProgramData\Innovative Solutions 2013-04-22 05:31:34 -------- d-----w- C:\Users\Kevin\AppData\Local\Innovative Solutions 2013-04-22 05:31:33 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions 2013-04-22 05:31:31 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl 2013-04-22 05:31:29 -------- d-----w- C:\Program Files (x86)\Innovative Solutions 2013-04-22 05:29:48 -------- d-----w- C:\Users\Kevin\AppData\Local\Programs 2013-04-22 05:28:45 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\mpengine.dll 2013-04-10 05:52:49 -------- d-----w- C:\Users\Kevin\AppData\Local\{3EEB0EB3-6FE6-418F-9173-4CFF7D94EDBE} 2013-04-06 02:15:26 -------- d-----w- C:\ProgramData\WEBREG 2013-04-04 03:39:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2013-04-04 03:10:44 -------- d-----w- C:\Users\Kevin\AppData\Roaming\uTorrent 2013-04-04 03:02:52 -------- d-----w- C:\ProgramData\MaginniiPic 2013-04-04 03:02:21 -------- d-----w- C:\Program Files (x86)\Industriya 2013-04-04 03:02:16 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Industriya . ==================== Find3M ==================== . 2013-03-13 05:20:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 05:20:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-28 13:57:26 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-02-28 13:37:29 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-24 03:01:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 03:01:56 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-02-24 03:01:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 18:09:57.18 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/25/2011 7:42:54 PM System Uptime: 4/22/2013 6:03:40 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1658 Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2294/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 684 GiB total, 215.675 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.579 GiB free. E: is CDROM () H: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06\4&2C8C5CE5&0&00E0 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06\4&2C8C5CE5&0&00E0 Service: RTL8167 . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&F5FB522&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&F5FB522&0&01 Service: vwifimp . ==== System Restore Points =================== . RP241: 3/22/2013 8:05:08 AM - Windows Update RP242: 3/26/2013 3:29:35 PM - Windows Update RP243: 4/1/2013 2:23:59 PM - Windows Update RP244: 4/3/2013 8:35:18 PM - Installed Adobe Acrobat XI Pro. RP245: 4/4/2013 10:56:20 PM - Windows Update RP246: 4/12/2013 11:21:15 AM - Removed Skype™ 6.1 RP247: 4/17/2013 2:35:58 PM - Removed Apple Application Support RP248: 4/17/2013 2:42:30 PM - Removed WinZip 15.5 RP249: 4/17/2013 2:49:28 PM - Removed HP Documentation RP250: 4/17/2013 2:50:28 PM - Removed Energy Star Digital Logo . ==== Installed Programs ====================== . toolbar on IE and Chrome µTorrent 64 Bit HP CIO Components Installer 6500_E709_eDocs 7-Zip 9.20 (x64 edition) ActivClient CAC x64 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.6) Adobe Shockwave Player 11.5 Advanced Uninstaller PRO - Version 11 Agatha Christie - Peril at End House Apple Application Support Apple Mobile Device Support Apple Software Update ApproveIt Desktop AuthenTec TrueAPI Bejeweled 2 Deluxe Bejeweled 3 Blackhawk Striker 2 Blasterball 3 Blio Bonjour Bounce Symphony bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Build-a-lot 2 Cake Mania Chuzzle Deluxe CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery Diner Dash 2 Restaurant Rescue DocMgr DocProc Dora's World Adventure Dropbox DVD Shrink 3.2 Energy Star Digital Logo ESU for Microsoft Windows 7 Evernote v. 4.2.2 Farm Frenzy FATE - The Traitor Soul Fax GetSavin Google Chrome Google Earth Plug-in Google Talk (remove only) Google Talk Plugin Google Update Helper GPBaseService2 H&R Block California 2011 H&R Block Deluxe + Efile + State 2011 Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Auto HP Client Services HP Connection Manager HP Customer Experience Enhancements HP Customer Participation Program 14.0 HP Document Manager 2.0 HP Documentation HP Games HP Imaging Device Functions 14.0 HP MovieStore HP Officejet 6500 E709 Series HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Smart Web Printing 4.60 HP Software Framework HP Solution Center 14.0 HP Support Assistant HP Update HPDiagnosticAlert HPProductAssistant HPSSupply IBM Lotus Forms Viewer 3.5.1 IBM SPSS Statistics 19 IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® Wireless Display iTunes Java 7 Update 15 Java Auto Updater Java 6 Update 24 (64-bit) Junk Mail filter update Magic Desktop magicJack Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Network64 NotiPage version 1.25 OCR Software by I.R.I.S. 14.0 OverDrive Media Console PdaNet for Android 3.50 PDF To JPG Converter 2.0.2 Pdf995 (installed by H&R Block) PdfEdit995 (installed by H&R Block) Penguins! Picasa 3 Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer PowerISO ProductContext QuickTime Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver Rosetta Stone Ltd Services Rosetta Stone Version 3 RoxioNow Player Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Shop for HP Supplies Skype Click to Call Skype™ 6.1 Slingo Supreme SmartWebPrinting SolutionCenter Status Synaptics TouchPad Driver Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update Installer for WildTangent Games App Validity WBF DDK Viewer_armyifx Virtual Villagers 4 - The Tree of Life WebReg Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 15.5 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 4/22/2013 7:38:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 4/22/2013 6:08:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 4/22/2013 6:04:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 4/22/2013 6:04:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/22/2013 6:04:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/22/2013 6:04:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 4/22/2013 6:04:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/22/2013 6:04:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/22/2013 6:04:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6 4/22/2013 6:02:28 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting. 4/22/2013 6:02:28 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/22/2013 6:02:28 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/22/2013 6:00:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 4/22/2013 4:41:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 4/22/2013 4:32:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34} 4/22/2013 4:14:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 4/22/2013 4:13:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 4/22/2013 4:12:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 4/22/2013 4:11:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 4/22/2013 12:47:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 4/22/2013 12:47:34 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/22/2013 12:32:10 AM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4470) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/21/2013 9:13:57 PM, Error: Service Control Manager [7022] - The HP Support Assistant Service service hung on starting. 4/21/2013 7:55:26 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/21/2013 7:55:25 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting. 4/21/2013 7:55:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service. 4/21/2013 7:40:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/21/2013 7:28:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 4/21/2013 7:28:44 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 11:35:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 4/21/2013 11:34:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 4/21/2013 11:34:37 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 11:18:53 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4444) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/21/2013 11:14:42 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 4/21/2013 11:03:20 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error. 4/21/2013 10:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 4/21/2013 10:46:59 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 10:46:28 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting. 4/21/2013 10:43:00 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). 4/21/2013 10:39:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:27:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/21/2013 10:27:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/21/2013 10:26:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/17/2013 10:58:06 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4159) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/17/2013 1:59:10 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4029) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/15/2013 2:34:38 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (3704) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. . ==== End Of File ===========================
- April 23, 2013
- 11 replies
I'm infected, help would be appreciated!

thunderstruck posted a topic in Resolved Malware Removal Logs

A few weeks ago, my internet and browsers started acting funny. It's gotten progressively worse and after a quick google search and malwarebytes scan, I know I've got Magnipic. Malwarebytes detects the trojan over and over again, but is unable to get rid of it. I need some help getting rid of it, any help would be appreciated! I've read a few of the other forums with examples from other members so here's my DDS.txt, attach.txt, security check, adwcleaner and rogue killer reports. Let me know what else I can do to get rid of this! Thanks so much! DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.15.2 Run by Kevin at 16:21:01 on 2013-04-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4937 [GMT -7:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://searchou.com/?id=a0891276000000000000002637bd3942 uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit = userinit.exe, BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: GetSavin 5.0: {B182C84D-CD22-40DF-A7F1-1D7444A8EE47} - C:\Users\Kevin\AppData\Local\getsavin\ie\getsavin_1362381602.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [cdloader] "C:\Users\Kevin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK uRun: [GoogleChromeAutoLaunch_585CBC2D9CEE64E85FE3A6084EF9DC86] "C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [googletalk] C:\Users\Kevin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [AprvRemoveLegacyExcelKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn mRun: [AprvRemoveLegacyWordKeys] "C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn mRun: [ApproveItForOfficeSetup] "C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files (x86)\ApproveIt\" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APPROV~1.LNK - C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\2656C6B696E6E2037303 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2 TCP: Interfaces\{B1B53D85-E1B1-4AF4-8B25-A920342E537D}\D49414D275966496 : DHCPNameServer = 192.168.112.1 8.8.8.8 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-24 91648] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-24 208896] R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-10-8 15360] S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032] S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-26 89600] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?] S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-7-20 260424] S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520] S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13592] S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-21 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-21 701512] S2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312] S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-26 2656280] S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008] S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2009-8-10 119680] S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-26 317440] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-21 25928] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240] S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-8-8 17920] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-26 338536] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-26 428136] S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2013-1-7 74112] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-04-22 06:42:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-22 06:42:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-22 05:31:35 -------- d-----w- C:\ProgramData\Innovative Solutions 2013-04-22 05:31:34 -------- d-----w- C:\Users\Kevin\AppData\Local\Innovative Solutions 2013-04-22 05:31:33 -------- d-----w- C:\Program Files (x86)\Common Files\Innovative Solutions 2013-04-22 05:31:31 42496 ----a-w- C:\Windows\SysWow64\AdvUninstCPL.cpl 2013-04-22 05:31:29 -------- d-----w- C:\Program Files (x86)\Innovative Solutions 2013-04-22 05:29:48 -------- d-----w- C:\Users\Kevin\AppData\Local\Programs 2013-04-22 05:28:45 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFFDD98B-189E-45D5-8580-EB9112C78EC0}\mpengine.dll 2013-04-10 05:52:49 -------- d-----w- C:\Users\Kevin\AppData\Local\{3EEB0EB3-6FE6-418F-9173-4CFF7D94EDBE} 2013-04-06 02:15:26 -------- d-----w- C:\ProgramData\WEBREG 2013-04-04 03:39:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2013-04-04 03:10:44 -------- d-----w- C:\Users\Kevin\AppData\Roaming\uTorrent 2013-04-04 03:03:05 -------- d-----w- C:\ProgramData\CLSoft LTD 2013-04-04 03:02:52 -------- d-----w- C:\ProgramData\MaginniiPic 2013-04-04 03:02:43 -------- d-----w- C:\ProgramData\InstallMate 2013-04-04 03:02:21 -------- d-----w- C:\Program Files (x86)\Industriya 2013-04-04 03:02:16 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Industriya . ==================== Find3M ==================== . 2013-03-13 05:20:42 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 05:20:42 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-28 13:57:26 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-02-28 13:37:29 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-24 03:01:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-24 03:01:56 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-02-24 03:01:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 16:24:00.29 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/25/2011 7:42:54 PM System Uptime: 4/22/2013 4:16:02 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1658 Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU1 | 2294/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 684 GiB total, 215.676 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.579 GiB free. E: is CDROM () H: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06\4&2C8C5CE5&0&00E0 Manufacturer: Realtek Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_1658103C&REV_06\4&2C8C5CE5&0&00E0 Service: RTL8167 . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&F5FB522&0&01 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&F5FB522&0&01 Service: vwifimp . ==== System Restore Points =================== . RP241: 3/22/2013 8:05:08 AM - Windows Update RP242: 3/26/2013 3:29:35 PM - Windows Update RP243: 4/1/2013 2:23:59 PM - Windows Update RP244: 4/3/2013 8:35:18 PM - Installed Adobe Acrobat XI Pro. RP245: 4/4/2013 10:56:20 PM - Windows Update RP246: 4/12/2013 11:21:15 AM - Removed Skype™ 6.1 RP247: 4/17/2013 2:35:58 PM - Removed Apple Application Support RP248: 4/17/2013 2:42:30 PM - Removed WinZip 15.5 RP249: 4/17/2013 2:49:28 PM - Removed HP Documentation RP250: 4/17/2013 2:50:28 PM - Removed Energy Star Digital Logo . ==== Installed Programs ====================== . toolbar on IE and Chrome µTorrent 64 Bit HP CIO Components Installer 6500_E709_eDocs 7-Zip 9.20 (x64 edition) ActivClient CAC x64 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.6) Adobe Shockwave Player 11.5 Advanced Uninstaller PRO - Version 11 Agatha Christie - Peril at End House Apple Application Support Apple Mobile Device Support Apple Software Update ApproveIt Desktop AuthenTec TrueAPI Bejeweled 2 Deluxe Bejeweled 3 Blackhawk Striker 2 Blasterball 3 Blio Bonjour Bounce Symphony bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Build-a-lot 2 Cake Mania Chuzzle Deluxe CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery Diner Dash 2 Restaurant Rescue DocMgr DocProc Dora's World Adventure Dropbox DVD Shrink 3.2 Energy Star Digital Logo ESU for Microsoft Windows 7 Evernote v. 4.2.2 Farm Frenzy FATE - The Traitor Soul Fax GetSavin Google Chrome Google Earth Plug-in Google Talk (remove only) Google Talk Plugin Google Update Helper GPBaseService2 H&R Block California 2011 H&R Block Deluxe + Efile + State 2011 Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Auto HP Client Services HP Connection Manager HP Customer Experience Enhancements HP Customer Participation Program 14.0 HP Document Manager 2.0 HP Documentation HP Games HP Imaging Device Functions 14.0 HP MovieStore HP Officejet 6500 E709 Series HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Smart Web Printing 4.60 HP Software Framework HP Solution Center 14.0 HP Support Assistant HP Update HPDiagnosticAlert HPProductAssistant HPSSupply IBM Lotus Forms Viewer 3.5.1 IBM SPSS Statistics 19 IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® Wireless Display iTunes Java 7 Update 15 Java Auto Updater Java™ 6 Update 24 (64-bit) Junk Mail filter update Magic Desktop magicJack Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 MarketResearch Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft Office 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Network64 NotiPage version 1.25 OCR Software by I.R.I.S. 14.0 OverDrive Media Console PdaNet for Android 3.50 PDF To JPG Converter 2.0.2 Pdf995 (installed by H&R Block) PdfEdit995 (installed by H&R Block) Penguins! Picasa 3 Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer PowerISO ProductContext QuickTime Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager Renesas Electronics USB 3.0 Host Controller Driver Rosetta Stone Ltd Services Rosetta Stone Version 3 RoxioNow Player Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Shop for HP Supplies Skype Click to Call Skype™ 6.1 Slingo Supreme SmartWebPrinting Software Version Updater SolutionCenter StartNow Toolbar Status Synaptics TouchPad Driver Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update Installer for WildTangent Games App Validity WBF DDK Viewer_armyifx Virtual Villagers 4 - The Tree of Life WebReg Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 15.5 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 4/22/2013 7:38:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 4/22/2013 4:24:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 4/22/2013 4:16:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 4/22/2013 4:16:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/22/2013 4:16:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/22/2013 4:16:42 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 4/22/2013 4:16:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/22/2013 4:16:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/22/2013 4:16:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6 4/22/2013 4:14:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 4/22/2013 4:14:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 4/22/2013 4:13:46 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting. 4/22/2013 4:13:46 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/22/2013 4:13:46 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/22/2013 4:13:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 4/22/2013 4:12:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 4/22/2013 4:11:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 4/22/2013 12:47:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 4/22/2013 12:47:34 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/22/2013 12:32:10 AM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4470) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/21/2013 9:13:57 PM, Error: Service Control Manager [7022] - The HP Support Assistant Service service hung on starting. 4/21/2013 7:55:26 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/21/2013 7:55:25 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting. 4/21/2013 7:55:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service. 4/21/2013 7:40:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/21/2013 7:39:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 4/21/2013 7:28:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 4/21/2013 7:28:44 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 11:35:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 4/21/2013 11:34:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 4/21/2013 11:34:37 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 11:18:53 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4444) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/21/2013 11:14:42 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 4/21/2013 11:03:20 PM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error. 4/21/2013 10:46:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 4/21/2013 10:46:59 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/21/2013 10:46:28 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting. 4/21/2013 10:43:00 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s). 4/21/2013 10:39:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:27:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/21/2013 10:27:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/21/2013 10:26:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/21/2013 10:26:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/17/2013 10:58:06 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4159) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/17/2013 1:59:10 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (4029) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. 4/15/2013 2:34:38 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Kevin-HP\Kevin (3704) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits. . ==== End Of File ========================== Security Check Results of screen317's Security Check version 0.99.62 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 15 Java version out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Adwcleaner # AdwCleaner v2.202 - Logfile created 04/22/2013 at 16:39:29 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Kevin - KEVIN-HP # Boot Mode : Safe mode with networking # Running from : C:\Users\Kevin\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** Found : Updater Service for StartNow Toolbar ***** [Files / Folders] ***** File Found : C:\END File Found : C:\Windows\Tasks\AmiUpdXp.job Folder Found : C:\ProgramData\clsoft ltd Folder Found : C:\ProgramData\InstallMate Folder Found : C:\Users\Kevin\AppData\Local\getsavin Folder Found : C:\Users\Kevin\AppData\Local\SwvUpdater ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\SProtector Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\StartNow Toolbar Key Found : HKCU\Software\StartSearch Key Found : HKCU\Software\Zugo Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\SP Global Key Found : HKLM\Software\SProtector Key Found : HKLM\Software\StartNow Toolbar Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKU\S-1-5-21-673977973-4057243969-57090864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [startNowToolbarHelper] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.43 File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5996 octets] - [22/04/2013 16:38:43] AdwCleaner[R2].txt - [5937 octets] - [22/04/2013 16:39:29] ########## EOF - C:\AdwCleaner[R2].txt - [5997 octets] ########## RogueKiller RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Safe mode with network support User : Kevin [Admin rights] Mode : Scan -- Date : 04/22/2013 16:43:27 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [TASK][sUSP PATH] MagniPicUpdaterTask{DF064C44-EB14-42AC-B124-B1385125388C}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++ --- User --- [MBR] 4a7e044a8e9a141d4eb7660cbb466544 [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700585 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1435207680 | Size: 14516 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo User = LL1 ... OK! User != LL2 ... KO! --- LL2 --- [MBR] 1a6b56e3b8874dbce1e7ab81e4003acf [bSP] 020c9e162599a6e0ef6bf64a048703f7 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo 1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo Finished : << RKreport[1]_S_04222013_02d1643.txt >> RKreport[1]_S_04222013_02d1643.txt
- April 22, 2013
- 11 replies

Sign In

thunderstruck

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by thunderstruck

I'm infected, help would be appreciated!

I'm infected, help would be appreciated!

I'm infected, help would be appreciated!

I'm infected, help would be appreciated!

I'm infected, help would be appreciated!

I'm infected, help would be appreciated!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information