Everything posted by tomcon

  1. Looking in Anti-Malwarebytes under settings/Web Exclusions, there is a site listed. I've never heard of it, don't ever recall looking at it or encountering it (in other words, never heard of it before this moment), and I wonder why it is listed in exclusions. Has some malware penetrated and put it there? The site is listed in two forms: www.movpins.com and movpins.com. Of course I can remove it from exclusions. But, please advise if you have an idea how this happened, and if it is cause for additional worry. What caused me to "be concerned" and even look is that when doing a Google search, simply at "google.com", it popped up a captcha and said it was testing to see if I was really a person, as requests that violate my Google terms of service are coming from my computer (I am a normal, "personal" user and doubt I would violate Google terms of service). Please advise. Thanks!
  2. [Windows 7] I am having trouble with a slow system. Years ago it used to be that CPU capacity was used up. Nowadays it is disk that is slowing it. CPU is below 50%, but disk light is lit continually. It is nearly halting my use. Sometimes I can't move the mouse for like 15 seconds, then can for a few seconds, then not for 15 seconds again, etc. Then after maybe 2-3 minutes, reasonable system responsiveness starts again...for a little while, and then the above starts happening again. When I can finally get to a "resource monitor" window, often it has been mbam.exe process that is hitting the disk, like at rates above 2 million bytes/sec. Unfortunately, this is happening frequently. If it were very intermittent, I wouldn't mind so much, but happening like several times a day -- every hour or two or so. Can anything be done about it? I do want the protection and yet, I cannot keep having these totally unresponsive gaps, it really interrupts the productivity flow. Can this process be made lower priority so it doesn't interrupt other processes, or something like that? Something that will keep the protection, but not impact disk so heavily, so often? Thanks for any ideas you can offer. Tom
  3. Absolutely excellent job. MrCharlie worked with me for about 3 days, very prompt and very easy to follow responses, and now the problem is solved. Highly recommended. Thanks for the great help!

  4. OK. It marches along. One interesting thing to note, that even BEFORE the adware removal step, I had not gotten a warning about accessing the IP address during a few hours of PC use (while previously it was happening at least a few times an hour). Perhaps the previous step was the one that removed the offending issues. We shall see. At any rate, now has been maybe a half hour since reboot after adware removal, and also have not seen a blocked attempt. At any rate, here are the logs from the last two steps. Thanks much, once again! Let me know what you think. Tom Adware Cleaner Checkup.txt
  5. Wow, it's a long road! I ran AdwCleaner, and looked over the log file. There is nothing there that I would mind removing. Thanks! Here is the log file. Let me know what the next step is. Tom AdwCleanerR1.txt
  6. I have run ComboFix, and attached the log file. Please let me know what you think the next step is. Thanks much! Tom ComboFix.txt
  7. OH NO, BLOCKED WEBSITE POPUP IS BACK! SAME IP ADDRESS AS BEFORE. Sorry to say, all the cleaning does not appear to have gotten to the root cause. Just got the popup back again. Any further suggestions? Thanks, Tom
  8. Thanks very much for all the easy-to-follow, step-by-step help. Do you think I am done?? It appears that my system is cleaned. Have not seen that "web site blocked" popup for a little while, though I think I would like to not see it for a day or so before concluding that all is clear. I ran the mbar program twice. First time four threats were removed, second time 0. I then ran Malwarebytes, quick scan, and no threats were detected. I have attached the log files from the above. Please let me know if you think there is anything more that I need to do. Thanks again for all the help! Tom mbar-log-2013-06-27 (08-56-10).txt mbar-log-2013-06-27 (00-42-33).txt mbam-log-2013-06-27 (15-27-00).txt
  9. Thanks very much for all the easy-to-follow, step-by-step help. Do you think I am done?? It appears that my system is cleaned. Have not seen that "web site blocked" popup for a little while, though I think I would like to not see it for a day or so before concluding that all is clear. I ran the mbar program twice. First time four threats were removed, second time 0. I then ran Malwarebytes, quick scan, and no threats were detected. I have attached the log files from the above. Please let me know if you think there is anything more that I need to do. Thanks again for all the help! Tom
  10. FYI, I did stop this despite an alert that warned about danger of aborting scan in progress. Have now restarted. I now see that this takes a VERY LONG time and at times appears to be dead. It seems to go through periods of using no CPU or disk I/O (looking at process in task manager), but then seems to wake up again. It's been running about 3 hours now, but I don't know what percent of complete that represents. My C drive has 247 GB in use. This app does not seem to want to use up much of the available CPU. Usually only 6-8%, while not much else other than systems processes are running. I'll check it again in the morning! Thanks! Tom
  11. Encountered possible PROBLEM/ISSUE. A screen shot is attached. After running the scan, which appeared to run fine, now, both the Previous and the Next buttons are grayed out. Malware was found! Only 'Cancel' is possible to use. The app is not completely dead, though, as I can scroll the scrollbar, and move the window. But, I have waited quite a while and the state is not changing. I think I may just use the Cancel and then try running it again, though I can wait a little while to see if I hear anything differently. Thanks, Tom
  12. OK, thanks much for looking at this and working with me. I did download and run the scanner you mentioned, and did not remove anything, just closed it when it finished. Here is the output of the log file that ends up on the desktop. So...let me know what the next step is! Also, at the end of the scan, IE opened to the following URL. I just closed the IE window. I hope it is not a further problem that it launched like that. This is the URL that was opened: http://tigzyrk.blogspot.fr/2011/12/ransomware-gendarmerie-nationale.html Thanks! Tom Content of RKreport[0]_S_06262013_163624.txt
  13. From the other forum, they suggested that I post here. Since installing Malwarebytes, I keep getting a popup from my system tray that access to a web site is being blocked. This is happening at least once an hour, usually a few times an hour. Always the same IP is given for the blocked site. Type is 'outgoing' and process is chrome.exe. As instructed, I ran dds.com, and produced dds.txt and attach.txt. I am pasting the results of those two files here. If you can offer me any recommendations, I would appreciate it. Thank you! Tom Attach.txt
CTP3Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enuMicrosoft Windows SDK for Visual Studio 2008 Headers and LibrariesMicrosoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSenseMicrosoft Windows SDK for Visual Studio 2008 SP1 ToolsMicrosoft Windows SDK for Visual Studio 2008 SP1 Win32 ToolsMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NEC Electronics USB 3.0 Host Controller DriverNetLogo 5.0OpenOffice.org 3.3ORCAPdf995 (installed by H&R Block)PdfEdit995 (installed by H&R Block)PL-2303 USB-to-SerialPlayReady PC Runtime amd64PMBQuickTimeRealtek High Definition Audio DriverRICOH R5U230 Media Driver ver.2.10.03.02Security Update for 2007 Microsoft Office System (KB2288621)Security Update for 2007 Microsoft Office System (KB2584063)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)Service Pack 1 for SQL Server 2008 R2 (KB2528583) 
(64-bit)Service Pack 2 for SQL Server 2008 (KB2285068) (64-bit)Skype Click to CallSkype™ 6.1Source Depot BrowserSQL Server "Denali" CTP3 Analysis ServicesSQL Server "Denali" CTP3 BI Development StudioSQL Server "Denali" CTP3 Client ToolsSQL Server "Denali" CTP3 Common FilesSQL Server "Denali" CTP3 Data quality serviceSQL Server "Denali" CTP3 Database Engine ServicesSQL Server "Denali" CTP3 Database Engine SharedSQL Server "Denali" CTP3 Full text searchSQL Server "Denali" CTP3 Integration ServicesSQL Server "Denali" CTP3 Management StudioSQL Server "Denali" CTP3 Master Data ServicesSQL Server 2008 R2 Reporting ServicesSQL Server 2008 R2 SP1 Analysis ServicesSQL Server 2008 R2 SP1 BI Development StudioSQL Server 2008 R2 SP1 Client ToolsSQL Server 2008 R2 SP1 Common FilesSQL Server 2008 R2 SP1 Database Engine ServicesSQL Server 2008 R2 SP1 Database Engine SharedSQL Server 2008 R2 SP1 Full text searchSQL Server 2008 R2 SP1 Integration ServicesSQL Server 2008 R2 SP1 Management StudioSQL Server 2008 R2 SP1 Reporting ServicesSQL Server Browser for SQL Server "Denali" CTP3Sql Server Customer Experience Improvement ProgramSynaptics Pointing Device DriverTCX Converter 2.0.29TomTom HOMETomTom HOME Visual Studio Merge ModulesTOSHIBA Application InstallerTOSHIBA AssistToshiba Book PlaceTOSHIBA Bulletin BoardTOSHIBA Disc CreatorTOSHIBA DVD PLAYERTOSHIBA eco UtilityTOSHIBA Face RecognitionTOSHIBA HDD ProtectionTOSHIBA HDD/SSD AlertTOSHIBA Media ControllerTOSHIBA Media Controller Plug-inTOSHIBA PC Health MonitorTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Service StationTOSHIBA Sleep UtilityTOSHIBA Value Added PackageTOSHIBA Web Camera ApplicationToshibaRegistrationUpdate for 2007 Microsoft Office System (KB2284654)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Extended 
(KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 System (KB2539530)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553455) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Visual Studio Web Authoring Component (KB945140)Value Line Investment Analyzer v3.0VC Runtimes MSIVisual C++ 2008 IA64 Runtime - (v9.0.30729)Visual C++ 2008 IA64 Runtime - v9.0.30729.01Visual C++ 2008 x64 Runtime - (v9.0.30729)Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)Visual C++ 2008 x64 Runtime - v9.0.30729.01Visual C++ 2008 x64 Runtime - v9.0.30729.4148Visual C++ 2008 x64 Runtime - v9.0.30729.6161Visual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)Visual C++ 2008 x86 Runtime - v9.0.30729.01Visual C++ 2008 x86 Runtime - v9.0.30729.4148Visual C++ 2008 x86 Runtime - v9.0.30729.6161Visual Studio .NET Prerequisites - EnglishVisual Studio 2005 Tools for Office Second Edition RuntimeVisual Studio 2010 Prerequisites - EnglishVisual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENUVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)Web Deployment ToolWIDCOMM Bluetooth SoftwareWindows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live 
Upload ToolWindows Live WriterWindows Mobile 5.0 SDK R2 for Pocket PCWindows Mobile 5.0 SDK R2 for SmartphoneWindows Mobile Device CenterXMindYahoo! Detect.==== Event Viewer Messages From Past Week ========.6/26/2013 9:53:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.6/26/2013 9:52:57 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain REDMOND due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.6/25/2013 4:29:38 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.6/25/2013 2:54:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/25/2013 2:49:34 PM, Error: FPMAgent [303] - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: SSA Error Code: 0x800700026/25/2013 2:49:34 PM, Error: FPMAgent [303] - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: AM Error Code: 0x800700026/25/2013 2:43:37 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).6/25/2013 2:43:35 PM, Error: Microsoft-Windows-Smartcard-Server [602] - WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.6/25/2013 2:28:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/25/2013 2:28:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024001f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/25/2013 11:23:22 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.6/25/2013 11:23:22 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.6/25/2013 10:48:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/24/2013 3:44:21 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.470.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/24/2013 2:57:35 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.443.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/24/2013 2:51:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SMS Agent Host service to connect.6/24/2013 2:51:01 PM, Error: Service Control Manager [7000] - The SMS Agent Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.6/24/2013 2:48:27 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.6/24/2013 2:48:26 PM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.6/23/2013 4:44:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.443.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/23/2013 4:05:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.372.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. 
For information on installing or troubleshooting updates, see Help and Support. 6/23/2013 3:47:30 PM, Error: Service Control Manager [7022] - The Intel® Management & Security Application User Notification Service service hung on starting.6/21/2013 3:46:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.258.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 6/21/2013 3:36:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 876/21/2013 10:16:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.350.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/21/2013 10:16:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {B07C1D3E-637B-4C71-BC2F-06665F376A59} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.6/20/2013 12:34:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.104.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
.==== End Of File =========================== dds.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2Run by TomCon at 10:25:45 on 2013-06-26Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3824.1291 [GMT -7:00].AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\windows\system32\svchost.exe -k LocalServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Program Files (x86)\Cobian Backup 10\cbVSCService.exeC:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exeC:\Program Files (x86)\Fitbit\fitbit.exec:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\Agent\FPMAgent.exeC:\Program Files (x86)\Forefront TMG Client\FwcAgent.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Microsoft IT DirectAccess Setup\msitcertsvc.exeC:\windows\system32\MsitTpmSvc.exeC:\Program 
Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXEC:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\windows\system32\svchost.exe -k regsvcC:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\windows\system32\svchost.exe -k imgsvcC:\windows\system32\ThpSrv.exeC:\windows\system32\TODDSrv.exeC:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\TOSHIBA\TECO\TecoService.exeC:\Program Files\Intel\WiMAX\Bin\AppSrv.exeC:\windows\system32\SearchIndexer.exeC:\Program Files\Intel\WiMAX\Bin\DMAgent.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\windows\system32\MsitBlSHA.ExeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\windows\system32\svchost.exe -k bthsvcsC:\windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Windows\System32\ThpSrv.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\windows\system32\svchost.exe -k WindowsMobileC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files 
(x86)\Fitbit\fitbit-tray.exeC:\windows\system32\wbem\unsecapp.exeC:\windows\CCM\CcmExec.exeC:\Program Files (x86)\Garmin\Training Center\gStart.exeC:\Users\TomCon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXEC:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exeC:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exeC:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Forefront TMG Client\FwcMgmt.exeC:\Users\TomCon\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Program Files (x86)\OpenOffice.org 3\program\soffice.exeC:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exeC:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exeC:\Program Files (x86)\Freecorder\FLVSrvc.exeC:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\windows\SysWOW64\RunDll32.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\windows\system32\wbem\wmiprvse.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program 
Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exeC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\windows\splwow64.exeC:\Program Files (x86)\Evernote\Evernote\Evernote.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\SysWOW64\DllHost.exeC:\PROGRA~2\COPERN~1\DESKTO~1.EXEC:\windows\explorer.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exeC:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\system32\SnippingTool.exeC:\windows\SYSTEM32\WISPTIS.EXEC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\system32\WLANExt.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyServer = itgproxy.redmond.corp.microsoft.com:80uProxyOverride = <local>uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dllmURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dllmURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dllmWinlogon: Userinit = userinit.exe,BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TomCon\AppData\Roaming\Complitly\Complitly.dllBHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dllBHO: Elf 1 Toolbar: 
  14. Thank you for the reply. I am attaching the log files that were produced. Please let me know if this helps develop a theory as to what is going on, or any additional steps you advise that I take to remove this attempt to contact this IP address. Thanks! Tom attach.txt dds.txt CheckResults.txt
  15. Since installing and running Malwarebytes Anti-Malware, I have been getting frequent popups from my system tray about a blocked web site, usually occurring several times an hour. It gives an IP address, always the same one, says Type:outgoing, and process is chrome.exe. Although I'm glad the site is being blocked, this makes me feel uneasy. Does the fact that this keeps happening mean that some malware is still left on my computer, that is able to initiate an attempt to connect to this IP address, and that even Malwarebytes has not detected and removed it? If there is anything else I should do (besides worry) please let me know. Can I stop this attempt from being made, rather than simply just blocking it after the attempt to connect is made? Or, at least if you can give me an overview explanation of what is likely going on, I'd be happy to hear it, just to satisfy my intellectual curiosity and to understand more for the future. Thanks! Tom