Posts posted by tomcon

  1. Looking in Malwarebytes Anti-Malware under settings/Web Exclusions, there is a site listed.  I've never heard of it, don't ever recall looking at it or encountering it (in other words, never heard of it before this moment), and I wonder why it is listed in exclusions.  Has some malware penetrated and put it there?

     

    The site is listed in two forms.

    www.movpins.com

    movpins.com

     

    Of course I can remove it from exclusions.  But, please advise if you have an idea how this happened, and if it is cause for additional worry.

     

    What caused me to "be concerned" and even look is that when doing a Google search, simply at "google.com", it popped up a captcha and said it was testing to see if I was really a person, as requests that violate my Google terms of service are coming from my computer (I am a normal, "personal" user and doubt I would violate Google terms of service).

     

    Please advise.

     

    thanks!

     

  2. [Windows 7]

     

    I am having trouble with a slow system.  Years ago it used to be that CPU capacity was used up. Nowadays it is disk that is slowing it.  CPU is below 50%, but disk light is lit continually.  It is nearly halting my use.  Sometimes I can't move the mouse for like 15 seconds, then can for a few seconds, then not for 15 seconds again, etc. Then after maybe 2-3 minutes, reasonable system responsiveness starts again...for a little while, and then the above starts happening again.

     

    When I can finally get to a "resource monitor" window, often it has been the mbam.exe process that is hitting the disk, like at rates above 2 million bytes/sec. Unfortunately, this is happening frequently.  If it were very intermittent, I wouldn't mind so much, but it is happening like several times a day -- every hour or two or so.

     

    Can anything be done about it?  I do want the protection and yet, I cannot keep having these totally unresponsive gaps, it really interrupts the productivity flow. Can this process be made lower priority so it doesn't interrupt other processes, or something like that? Something that will keep the protection, but not impact disk so heavily, so often?

     

    Thanks for any ideas you can offer.

     

    Tom

     

  3. OK.  It marches along.

     

    One interesting thing to note: even BEFORE the adware removal step, I had not gotten a warning about accessing the IP address during a few hours of PC use (while previously it was happening at least a few times an hour).  Perhaps the previous step was the one that removed the offending issues.  We shall see.  At any rate, it has now been maybe a half hour since reboot after adware removal, and I also have not seen a blocked attempt.

     

    At any rate, here are the logs from the last two steps.

     

    Thanks much, once again!

     

    Let me know what you think.

     

    Tom

     

     

     

    Adware Cleaner
     
    # AdwCleaner v2.303 - Logfile created 06/28/2013 at 12:59:55
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : TomCon - TOMCON-PC
    # Boot Mode : Normal
    # Running from : C:\Users\TomCon\Desktop\adwcleaner.exe
    # Option [Delete]
     
     
    ***** [services] *****
     
     
    ***** [Files / Folders] *****
     
    Deleted on reboot : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    File Deleted : C:\END
    File Deleted : C:\user.js
    File Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008\Microsoft Visual Studio 2008 Documentation.lnk
    Folder Deleted : C:\Program Files (x86)\Elf_1
    Folder Deleted : C:\Program Files (x86)\Freecorder
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Backup\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Backup\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Backup\AppData\LocalLow\Elf_1
    Folder Deleted : C:\Users\Backup\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Campaign\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Elf_1
    Folder Deleted : C:\Users\Campaign\AppData\LocalLow\Freecorder
    Folder Deleted : C:\Users\Campaign\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Campaign\Documents\Freecorder
    Folder Deleted : C:\Users\DaleS\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\DaleS\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\DaleS\AppData\LocalLow\Elf_1
    Folder Deleted : C:\Users\DaleS\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\TomCon\AppData\Local\Conduit
    Folder Deleted : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
    Folder Deleted : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Folder Deleted : C:\Users\TomCon\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Elf_1
    Folder Deleted : C:\Users\TomCon\AppData\LocalLow\Freecorder
    Folder Deleted : C:\Users\TomCon\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\TomCon\AppData\Roaming\Complitly
    Folder Deleted : C:\Users\TomCon\Documents\Freecorder
    Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\Elf_1
    Folder Deleted : C:\Users\v-TomCon\AppData\LocalLow\PriceGong
     
    ***** [Registry] *****
     
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Elf_1
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Freecorder
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{22E03916-85C5-44B0-8DC9-1830C11238D9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22E03916-85C5-44B0-8DC9-1830C11238D9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856415
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Elf_1
    Key Deleted : HKLM\Software\Freecorder
    Key Deleted : HKLM\Software\Funmoods
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F720DCA-D646-4033-8826-9C68DD31A351}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
    Key Deleted : HKLM\Software\SimplyGen
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22E03916-85C5-44B0-8DC9-1830C11238D9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2F720DCA-D646-4033-8826-9C68DD31A351}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A6ECF42-975D-46C0-9518-38C95199C343}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A50B4676-368F-489E-9300-F3DB3C198175}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F47A24B9-36A8-430A-A48D-32F15B081E6A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22E03916-85C5-44B0-8DC9-1830C11238D9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Elf_1 Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{22E03916-85C5-44B0-8DC9-1830C11238D9}]
     
    ***** [internet Browsers] *****
     
    -\\ Internet Explorer v8.0.7601.17514
     
    [OK] Registry is clean.
     
    -\\ Google Chrome v27.0.1453.116
     
    File : C:\Users\TomCon\AppData\Local\Google\Chrome\User Data\Default\Preferences
     
     
    *************************
     
    AdwCleaner[R1].txt - [12336 octets] - [28/06/2013 11:23:26]
    AdwCleaner[s1].txt - [317 octets] - [28/06/2013 12:58:08]
    AdwCleaner[s2].txt - [12358 octets] - [28/06/2013 12:59:55]
     
    ########## EOF - C:\AdwCleaner[s2].txt - [12419 octets] ##########
     
    Checkup.txt
     
     Results of screen317's Security Check version 0.99.68  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Firewall Enabled!  
    Microsoft Forefront Endpoint Protection   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:````````` 
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Java 7 Update 21  
     Java version out of Date! 
     Adobe Reader 10.1.7 Adobe Reader out of Date!  
     Google Chrome 27.0.1453.110  
     Google Chrome 27.0.1453.116  
    ````````Process Check: objlist.exe by Laurent````````  
     Microsoft Security Essentials msseces.exe 
     Windows Defender MSMpEng.exe 
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     Microsoft Security Client Antimalware MsMpEng.exe  
     Malwarebytes' Anti-Malware mbamscheduler.exe   
     Microsoft Security Client Antimalware NisSrv.exe  
     Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE 
     Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 0% 
    ````````````````````End of Log`````````````````````` 
     

     

  4. Thanks very much for all the easy-to-follow, step-by-step help.  Do you think I am done??

     

    It appears that my system is cleaned.  Have not seen that "web site blocked" popup for a little while, though I think I would like to not see it for a day or so before concluding that all is clear.

     

    I ran the mbar program twice.  First time four threats were removed, second time 0.

     

    I then ran malwarebytes, quick scan, and no threats were detected.

     

    I have attached the log files from the above.

     

    Please let me know if you think there is anything more that I need to do.

     

    Thanks again for all the help!

     

    Tom

     

    mbar-log-2013-06-27 (08-56-10).txt

    mbar-log-2013-06-27 (00-42-33).txt

    mbam-log-2013-06-27 (15-27-00).txt


  6. FYI, I did stop this despite an alert that warned about danger of aborting scan in progress.  Have now restarted.  I now see that this takes a VERY LONG time and at times appears to be dead.  It seems to go through periods of using no CPU or disk I/O (looking at process in task manager), but then seems to wake up again.  It's been running about 3 hours now, but I don't know what percent of complete that represents.  My C drive has 247 GB in use.  This app does not seem to want to use up much of the available CPU.  Usually only 6-8%, while not much else other than system processes are running.

     

    I'll check it again in the morning!

     

    Thanks!

     

    Tom

  7. Encountered possible PROBLEM/ISSUE.  A screen shot is attached.

     

    After running the scan, which appeared to run fine, now, both the Previous and the Next buttons are grayed out.  Malware was found! Only 'Cancel' is possible to use.  The app is not completely dead, though, as I can scroll the scrollbar, and move the window.  But, I have waited quite a while and the state is not changing.

     

    I think I may just use the Cancel and then try running it again, though I can wait a little while to see if I hear anything differently.

     

    Thanks,

    Tom

     


  8. OK, thanks much for looking at this and working with me.

     

    I did download and run the scanner you mentioned, and did not remove anything, just closed it when it finished.

     

    Here is the output of the log file that ends up on the desktop.

     

    So...let me know what the next step is!

     

    Also, at the end of the scan, IE opened to the following URL.  I just closed the IE window.  I hope it is not a further problem that it launched like that.  This is the URL that was opened: 

    http://tigzyrk.blogspot.fr/2011/12/ransomware-gendarmerie-nationale.html

     

     

    Thanks!

     

    Tom

     

    Content of RKreport[0]_S_06262013_163624.txt
     
    RogueKiller V8.6.1 [Jun 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : TomCon [Admin rights]
    Mode : Scan -- Date : 06/26/2013 16:36:24
    | ARK || FAK || MBR |
     
    ¤¤¤ Bad processes : 0 ¤¤¤
     
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (itgproxy.redmond.corp.microsoft.com:80) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     
    ¤¤¤ Scheduled tasks : 6 ¤¤¤
    [V2][sUSP PATH] CHV3 : C:\windows\Temp\ClientHealth\HealthMonitor\MSCH_2.BAT [-] -> FOUND
    [V2][sUSP PATH] Microsoft IT DirectAccess - DNS Suffix Search List : cscript - "%SystemRoot%\msitda-searchlist.vbs" [x][-] -> FOUND
    [V2][sUSP PATH] Microsoft IT DirectAccess - Install or Update Software : \\msitda-server\MsitDaInstall\msit_da_install.bat - > C:\windows\msitda_copy.txt 2>&1 [x][-] -> FOUND
    [V2][sUSP PATH] OnlineMonitor : C:\windows\Temp\ClientHealth\OnlineMonitor\OnlineMonitor_2.BAT [-] -> FOUND
    [V2][Rans.Gendarm] Update : update.cmd -> FOUND
    [V2][sUSP PATH] Disconnect : netsh - ipsec static importpolicy file="%ALLUSERSPROFILE%\Microsoft\Network\Connections\Cm\MSITVPN\MSITVPN.ipsec" [x][x][x][-] -> FOUND
     
    ¤¤¤ Startup Entries : 10 ¤¤¤
    [Default][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [Default User][sUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [MsDtsServer110][sUSP PATH] Best Buy pc app.lnk : C:\Users\MsDtsServer110\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [MSOLAP$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSOLAP$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [MSOLAP$DENALIX86][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSOLAP$DENALIX86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [MSSQL$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSSQL$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [MSSQLFDLauncher$DENALI][sUSP PATH] Best Buy pc app.lnk : C:\Users\MSSQLFDLauncher$DENALI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [TEMP][sUSP PATH] Best Buy pc app.lnk : C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
    [TomCon][sUSP PATH] MLB.TV NexDef Plug-in.lnk : C:\Users\TomCon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk @C:\Users\TomCon\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [-][x] -> FOUND
    [v-cyande][sUSP PATH] Best Buy pc app.lnk : C:\Users\v-cyande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> FOUND
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ Particular Files / Folders: ¤¤¤
     
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     
    ¤¤¤ External Hives: ¤¤¤
     
    ¤¤¤ Infection : Rans.Gendarm ¤¤¤
     
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
     
     
     
     
    ¤¤¤ MBR Check: ¤¤¤
     
    +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
    --- User ---
    [MBR] f6814d6e9753da5f87822f00cd15d323
    [bSP] c0432674fa546c6dc8809e05856d8452 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465298 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 956004352 | Size: 10141 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
     
    Finished : << RKreport[0]_S_06262013_163624.txt >>
     
     
     
     
  9. From the other forum, they suggested that I post here.  Since installing Malwarebytes, I keep getting a popup from my system tray that access to a web site is being blocked.  This is happening at least once an hour, usually a few times an hour.  Always the same IP is given for the blocked site.  Type is 'outgoing' and process is chrome.exe.

     

    As instructed, I ran dds.com, and produced dds.txt and attach.txt.  I am pasting the results of those two files here.

     

    If you can offer me any recommendations, I would appreciate it.

     

    Thank you!

    Tom

     

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate 
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/28/2010 4:37:07 AM
    System Uptime: 6/25/2013 11:02:39 PM (11 hours ago)
    .
    Motherboard: TOSHIBA |  | Portable PC
    Processor: Intel® Core i3 CPU       M 370  @ 2.40GHz | rBGA1288 Socket | 2399/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 222.99 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&03
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&03
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&04
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&BE28B39&1&04
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP687: 6/10/2013 6:17:10 PM - Windows Update
    RP688: 6/14/2013 11:41:27 AM - Windows Update
    RP689: 6/17/2013 12:58:13 PM - Windows Update
    RP690: 6/21/2013 3:48:13 PM - Windows Update
    RP692: 6/21/2013 10:15:03 PM - Microsoft Antimalware Checkpoint
    RP693: 6/24/2013 4:23:05 PM - Removed PL-2303 USB-to-Serial
    RP694: 6/25/2013 10:49:46 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.21
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.7)
    Agent Ransack 2010 (64-bit)
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    Audacity 2.0.2
    Audible Download Manager
    AudibleManager
    Avery Template
    Best Buy pc app
    Beyond Compare Version 3.1.11
    Bing Bar
    Bonjour
    Cobian Backup 10
    Complitly
    Configuration Manager Client
    Copernic Desktop Search - Home
    Crystal Reports Basic for Visual Studio 2008
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    Crystal Reports for Visual Studio
    Definition update for Microsoft Office 2010 (KB982726)
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dotfuscator Software Services - Community Edition
    Dropbox
    Elf 1 Toolbar
    Evernote v. 4.6.6
    FFmpeg v0.6.2 for Audacity
    Fitbit Base Station (Driver Removal)
    Fitbit v1.3.3
    Forefront TMG Client
    Freecorder 5
    Freecorder Toolbar
    Freecorder Toolbar 3.0 Application
    FreeMind
    Garmin Training Center
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GraphCalc v4.0.1
    H&R Block Deluxe + Efile + State 2009
    H&R Block Deluxe + Efile 2010
    H&R Block Deluxe + Efile 2011
    HexDump32
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2455033)
    HP FWUpdateEDO2
    HP Officejet Pro 8600 Basic Device Software
    HP Officejet Pro 8600 Help
    HP Officejet Pro 8600 Product Improvement Study
    HP Photo Creations
    HP Photosmart 7510 series Basic Device Software
    HP Photosmart 7510 series Help
    HP Photosmart 7510 series Product Improvement Study
    HP Update
    HPDiagnosticAlert
    I.R.I.S. OCR
    Intel PROSet Wireless
    Intel WiMAX Tutorial
    Intel® Graphics Media Accelerator Driver
    Intel® Management Engine Components
    Intel® Network Connections Drivers
    Intel® PROSet/Wireless WiFi Software
    Intel® Rapid Storage Technology
    Intel® PROSet/Wireless WiMAX Software
    Intel® Wireless Display
    iPod2PC 3.9.4
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Junk Mail filter update
    LADSPA_plugins-win-0.4.15
    LAME v3.99.3 (for Windows)
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Books Online for SQL Server "Denali" CTP3
    Microsoft Choice Guard
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Device Emulator (64 bit) version 3.0 - ENU
    Microsoft DirectAccess Connectivity Assistant
    Microsoft Document Explorer 2008
    Microsoft Easy Assist v2
    Microsoft Forefront Endpoint Protection
    Microsoft Forefront Endpoint Protection 2010
    Microsoft Forefront Endpoint Protection 2010 Baseline Components
    Microsoft Forefront Endpoint Protection 2010 Server Management
    Microsoft Help Viewer 1.1
    Microsoft IntelliPoint 8.0
    Microsoft IT BitLocker Setup
    Microsoft IT DirectAccess Setup
    Microsoft IT DirectAccess SHA (x64)
    Microsoft IT TPM Crypto Provider
    Microsoft IT VPN
    Microsoft Lync 2010
    Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
    Microsoft Network Monitor 3.4
    Microsoft Network Monitor: NetworkMonitor Parsers 3.4
    Microsoft Network Monitor: NetworkMonitor Parsers forSQLServer 3.4
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Single Image 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Online Services Sign-in Assistant
    Microsoft Policy Platform
    Microsoft Product Studio 2.20
    Microsoft Project 2010 Service Pack 1 (SP1)
    Microsoft Project Professional 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Security Client
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SkyDrive
    Microsoft SQL Server "Denali" CTP3
    Microsoft SQL Server "Denali" CTP3 (64-bit)
    Microsoft SQL Server "Denali" CTP3 RsFx Driver
    Microsoft SQL Server "Denali" CTP3 Setup (English)
    Microsoft SQL Server "Denali" Native Client CTP3
    Microsoft SQL Server "Denali" Policies CTP3
    Microsoft SQL Server "Denali" PowerPivot for Excel CTP3 32-bit
    Microsoft SQL Server "Denali" T-SQL Compiler Service CTP3
    Microsoft SQL Server "Denali" Transact-SQL ScriptDom CTP3
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 R2 (64-bit)
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files 
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft System CLR Types for SQL Server "Denali" CTP3 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Shell (Integrated) - ENU
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Tools for Applications - DesignTime 3.0 ENU
    Microsoft Visual Studio Tools for Applications - RunTime 3.0 x64 ENU
    Microsoft Visual Studio Tools for Applications - RunTime 3.0 x86 ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft VSS Writer for SQL Server "Denali" CTP3
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    NetLogo 5.0
    OpenOffice.org 3.3
    ORCA
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    PL-2303 USB-to-Serial
    PlayReady PC Runtime amd64
    PMB
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5U230 Media Driver ver.2.10.03.02
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
    Service Pack 2 for SQL Server 2008 (KB2285068) (64-bit)
    Skype Click to Call
    Skype™ 6.1
    Source Depot Browser
    SQL Server "Denali" CTP3 Analysis Services
    SQL Server "Denali" CTP3 BI Development Studio
    SQL Server "Denali" CTP3 Client Tools
    SQL Server "Denali" CTP3 Common Files
    SQL Server "Denali" CTP3 Data quality service
    SQL Server "Denali" CTP3 Database Engine Services
    SQL Server "Denali" CTP3 Database Engine Shared
    SQL Server "Denali" CTP3 Full text search
    SQL Server "Denali" CTP3 Integration Services
    SQL Server "Denali" CTP3 Management Studio
    SQL Server "Denali" CTP3 Master Data Services
    SQL Server 2008 R2 Reporting Services
    SQL Server 2008 R2 SP1 Analysis Services
    SQL Server 2008 R2 SP1 BI Development Studio
    SQL Server 2008 R2 SP1 Client Tools
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Database Engine Services
    SQL Server 2008 R2 SP1 Database Engine Shared
    SQL Server 2008 R2 SP1 Full text search
    SQL Server 2008 R2 SP1 Integration Services
    SQL Server 2008 R2 SP1 Management Studio
    SQL Server 2008 R2 SP1 Reporting Services
    SQL Server Browser for SQL Server "Denali" CTP3
    Sql Server Customer Experience Improvement Program
    Synaptics Pointing Device Driver
    TCX Converter 2.0.29
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Value Line Investment Analyzer v3.0
    VC Runtimes MSI
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - v9.0.30729.4148
    Visual C++ 2008 x64 Runtime - v9.0.30729.6161
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    Visual Studio .NET Prerequisites - English
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Web Deployment Tool
    WIDCOMM Bluetooth Software
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows Mobile Device Center
    XMind
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/26/2013 9:53:51 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    6/26/2013 9:52:57 AM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain REDMOND due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/25/2013 4:29:38 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    6/25/2013 2:54:29 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/25/2013 2:49:34 PM, Error: FPMAgent [303]  - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: SSA Error Code: 0x80070002
    6/25/2013 2:49:34 PM, Error: FPMAgent [303]  - The Forefront Protection Manager agent has failed to load an asset protection technology adapter. Asset Protection Technology: AM Error Code: 0x80070002
    6/25/2013 2:43:37 PM, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/25/2013 2:43:35 PM, Error: Microsoft-Windows-Smartcard-Server [602]  - WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
    6/25/2013 2:28:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/25/2013 2:28:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024001f   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/25/2013 11:23:22 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
    6/25/2013 11:23:22 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    6/25/2013 10:48:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/24/2013 3:44:21 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.470.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/24/2013 2:57:35 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.443.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/24/2013 2:51:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SMS Agent Host service to connect.
    6/24/2013 2:51:01 PM, Error: Service Control Manager [7000]  - The SMS Agent Host service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    6/24/2013 2:48:27 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  After starting, the service hung in a start-pending state.
    6/24/2013 2:48:26 PM, Error: Service Control Manager [7022]  - The Application Virtualization Client service hung on starting.
    6/23/2013 4:44:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.443.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/23/2013 4:05:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.372.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/23/2013 3:47:30 PM, Error: Service Control Manager [7022]  - The Intel® Management & Security Application User Notification Service service hung on starting.
    6/21/2013 3:46:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.258.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/21/2013 3:36:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 87
    6/21/2013 10:16:35 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.350.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    6/21/2013 10:16:03 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {B07C1D3E-637B-4C71-BC2F-06665F376A59}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/20/2013 12:34:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.104.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://sup-rd2-nlb.redmond.corp.microsoft.com:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
    .
    ==== End Of File ===========================
     
    dds.txt
     
    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
    Run by TomCon at 10:25:45 on 2013-06-26
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3824.1291 [GMT -7:00]
    .
    AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
    C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
    C:\Program Files (x86)\Fitbit\fitbit.exe
    c:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\Agent\FPMAgent.exe
    C:\Program Files (x86)\Forefront TMG Client\FwcAgent.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Microsoft IT DirectAccess Setup\msitcertsvc.exe
    C:\windows\system32\MsitTpmSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\system32\svchost.exe -k regsvc
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\MsitBlSHA.Exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Fitbit\fitbit-tray.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\CCM\CcmExec.exe
    C:\Program Files (x86)\Garmin\Training Center\gStart.exe
    C:\Users\TomCon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Forefront TMG Client\FwcMgmt.exe
    C:\Users\TomCon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
    C:\Program Files (x86)\Freecorder\FLVSrvc.exe
    C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\windows\splwow64.exe
    C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\PROGRA~2\COPERN~1\DESKTO~1.EXE
    C:\windows\explorer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SnippingTool.exe
    C:\windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyServer = itgproxy.redmond.corp.microsoft.com:80
    uProxyOverride = <local>
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
    mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TomCon\AppData\Roaming\Complitly\Complitly.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
    BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Elf 1 Toolbar: {22E03916-85C5-44B0-8DC9-1830C11238D9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
    TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\tbElf_.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - 
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe
    uRun: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe
    uRun: [skyDrive] "C:\Users\TomCon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [DcaTray] C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\TomCon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\TomCon\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: C:\Users\TomCon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FOREFR~1.LNK - C:\Program Files (x86)\Forefront TMG Client\FwcMgmt.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableAutoApproveHeuristics = dword:1
    IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    LSP: C:\Program Files (x86)\Forefront TMG Client\FwcWsp.dll
    TCP: NameServer = 184.16.33.54 184.16.4.22
    TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B} : DHCPNameServer = 184.16.33.54 184.16.4.22
    TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\451627569747F6E663 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{283F5D85-D48A-4CBC-A2FE-114FD57AE10B}\94E666F627D616E45647 : DHCPNameServer = 99.99.99.53 99.99.99.153
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\TomCon\AppData\Roaming\Complitly\64\Complitly64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe
    x64-Run: [FCS Notify Icon] "c:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\UX\FEPClientUI.exe" -IconOnly
    x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-10-12 482384]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2010-10-24 189440]
    R1 nm3;Microsoft Network Monitor 3 Driver;C:\windows\System32\drivers\nm3.sys [2010-6-9 46392]
    R1 RsFx0151;RsFx0151 Driver;C:\windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-11-1 67584]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 DcaSvc;DirectAccess Connectivity Assistant Service;C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [2011-4-14 122768]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-3-17 408576]
    R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2011-2-9 779896]
    R2 FPMAgent;Microsoft Forefront Protection Manager Agent;C:\Program Files\Microsoft Forefront\Forefront Endpoint Protection\2010\Agent\FPMAgent.exe [2010-4-8 340848]
    R2 FwcAgent;Forefront TMG Client Agent;C:\Program Files (x86)\Forefront TMG Client\FwcAgent.exe [2009-10-14 275424]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-24 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-24 701512]
    R2 MsitBlSHA;MsitBlSHA;C:\windows\System32\MsitBlSHA.Exe [2010-3-8 130048]
    R2 MSITDACertMgr;Microsoft IT DirectAccess Service ;C:\Program Files (x86)\Microsoft IT DirectAccess Setup\msitcertsvc.exe [2011-2-17 18944]
    R2 MsitTpmSvc;MSIT TPM Security Service;C:\windows\System32\MsitTpmSvc.exe [2011-1-19 79360]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2011-2-23 2061728]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-10-12 81920]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-5 92632]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2010-4-23 259440]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-12 2320920]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\drivers\bcbtums.sys [2012-3-2 163368]
    R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\drivers\btwampfl.sys [2013-2-14 594472]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-2-14 39976]
    R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2011-7-20 342704]
    R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-10-12 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-24 25928]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2010-9-14 760168]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2010-9-14 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2010-9-14 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2010-9-14 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-12 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
    S3 cxbu0x64;OMNIKEY 3x21;C:\windows\System32\drivers\cxbu0x64.sys [2011-9-6 177920]
    S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-6-10 57344]
    S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-6-10 57344]
    S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
    S3 MsDtsServer110;SQL Server Integration Services 11.0;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [2011-6-14 201216]
    S3 MSOLAP$DENALI;SQL Server Analysis Services (DENALI);C:\Program Files\Microsoft SQL Server\MSAS11.DENALI\OLAP\bin\msmdsrv.exe [2011-6-14 62665728]
    S3 MSOLAP$DENALIX86;SQL Server Analysis Services (DENALIX86);C:\Program Files (x86)\Microsoft SQL Server\MSAS11.DENALIX86\OLAP\bin\msmdsrv.exe [2011-6-14 47510528]
    S3 MSSQL$DENALI;SQL Server (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\sqlservr.exe [2011-6-14 217600]
    S3 MSSQLFDLauncher$DENALI;SQL Full-text Filter Daemon Launcher (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\fdlauncher.exe [2011-6-14 34304]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
    S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
    S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-2-24 78336]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-2-24 181248]
    S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-12 35008]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2011-9-7 20992]
    S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
    S3 SIUSBXP;SIUSBXP;C:\windows\System32\drivers\SiUSBXp.sys [2011-2-9 16384]
    S3 SQLAgent$DENALI;SQL Server Agent (DENALI);C:\Program Files\Microsoft SQL Server\MSSQL11.DENALI\MSSQL\Binn\SQLAGENT.EXE [2011-6-14 577536]
    S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-5-10 836016]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-9-7 59392]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2011-8-9 579440]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0103;RsFx0103 Driver;C:\windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 RsFx0200;RsFx0200 Driver;C:\windows\System32\drivers\RsFx0200.sys [2011-6-14 326496]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
    .
    =============== Created Last 30 ================
    .
    2013-06-26 05:51:01 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2066AAF-6ED7-4614-A0E7-EA492FD31328}\mpengine.dll
    2013-06-24 22:06:28 -------- d-----w- C:\Users\TomCon\AppData\Roaming\Malwarebytes
    2013-06-24 22:06:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-06-24 22:06:10 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-06-24 22:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-24 22:05:55 -------- d-----w- C:\Users\TomCon\AppData\Local\Programs
    2013-06-24 19:56:36 -------- d-----w- C:\Users\TomCon\AppData\Local\CRE
    2013-06-24 19:55:22 -------- d-----w- C:\Users\TomCon\AppData\Local\SwvUpdater
    .
    ==================== Find3M  ====================
    .
    2013-06-11 18:59:47 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-11 18:59:47 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-18 04:12:03 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-18 04:11:57 866720 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2013-05-18 04:11:57 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
    .
    ============= FINISH: 10:31:35.99 ===============
     

     

  10. Since installing and running Malwarebytes Anti-Malware, I have been getting frequent popups from my system tray about a blocked web site, usually occurring several times an hour.  It gives an IP address, always the same one, says Type:outgoing, and the process is chrome.exe.

     

    Although I'm glad the site is being blocked, this makes me feel uneasy.  Does the fact that this keeps happening mean that some malware is still left on my computer, that it is able to initiate an attempt to connect to this IP address, and that even Malwarebytes has not detected and removed it?

     

    If there is anything else I should do (besides worry), please let me know. Can I stop this attempt from being made, rather than simply blocking it after the attempt to connect is made?

     

    Or, at least, if you can give me an overview explanation of what is likely going on, I'd be happy to hear it, just to satisfy my intellectual curiosity and to understand more for the future.

     

    Thanks!

    Tom

     
