Everything posted by oddball50

  1. Deity, I have done all that you have advised to do. I will be doing a clean install on this device. I have also contacted my financial institution and taken care of any potential issues. Thank you for your advice.
  2. Maniac,
  3. Maniac, Thank you in advance for your expertise. Here are the logs as requested:
867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-23 02:20:49 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-05-16 07:09:11 75016696 ----a-w- C:\Windows\System32\mrt.exe2013-05-05 21:36:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-05-05 19:25:43 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys2013-04-05 01:19:09 10926080 ----a-w- C:\Windows\System32\ieframe.dll2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-04-05 01:01:06 1346560 ----a-w- C:\Windows\System32\urlmon.dll2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-04-05 00:58:59 237056 ----a-w- C:\Windows\System32\url.dll2013-04-05 00:57:27 85504 ----a-w- C:\Windows\System32\jsproxy.dll2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-04-05 00:55:57 816640 ----a-w- C:\Windows\System32\jscript.dll2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-04-05 00:54:50 729088 ----a-w- C:\Windows\System32\msfeeds.dll2013-04-05 00:54:25 2147840 ----a-w- C:\Windows\System32\iertutil.dll2013-04-05 00:51:52 96768 ----a-w- C:\Windows\System32\mshtmled.dll2013-04-05 00:46:50 248320 ----a-w- C:\Windows\System32\ieui.dll2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-04 22:09:30 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-04-04 22:02:58 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-04-04 22:01:35 231936 ----a-w- 
C:\Windows\SysWow64\url.dll2013-04-04 21:59:49 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-04-04 21:58:24 717824 ----a-w- C:\Windows\SysWow64\jscript.dll2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-04-04 21:56:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll2013-04-04 21:55:19 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll2013-04-04 21:54:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll2013-04-04 21:50:34 176640 ----a-w- C:\Windows\SysWow64\ieui.dll2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys.============= FINISH: 12:45:18.05 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 10/11/2006 3:32:41 AMSystem Uptime: 7/1/2013 12:40:11 PM (0 hours ago).Motherboard: Gateway | | WG43MProcessor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2003/333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 583 GiB total, 437.776 GiB free.D: is CDROM (UDF)E: is RemovableF: is RemovableI: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================. 
Update for Microsoft Office 2007 (KB2508958)3D Ultra Lionel® TrainTown7-Zip 9.21Acrobat.comAdobe AIRAdobe Flash Player 11 ActiveX 64-bitAdobe Reader 9.3.4Agere Systems PCI-SV92EX Soft ModemApple Application SupportApple Software UpdateCall of Duty® 4 - Modern Warfare 1.7 PatchCanon MP Navigator EX 2.0Canon MP240 series MP DriversCanon MP240 series User RegistrationCanon Utilities Easy-PhotoPrint EXCanon Utilities My PrinterCanon Utilities Solution MenuCardRecovery 6.00CardRecoveryPro 2.1.5Choice GuardCompatibility Pack for the 2007 Office systemCoupon Printer for WindowsCyberLink Power2GoEASEUS Data Recovery Wizard Free Edition 5.5.1Gateway Photo Frame 4.2.2.7Gateway Recovery ManagementGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Inkjet Printer/Scanner Extended Survey ProgramIntel® Graphics Media Accelerator DriverIntel® Matrix Storage ManagerInterActual PlayerJava 7 Update 25Java Auto UpdaterJumpStart Preschool v2.0Junk Mail filter updateKB0817 Keyboard DriverMacromedia Shockwave PlayerMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB2742597)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Money EssentialsMicrosoft Money Shared LibrariesMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Office 
64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Web Publishing Wizard 1.52Microsoft WorksMonster JamMove Networks Media Player for Internet ExplorerMSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetZero For RiverdeepNikon Message CenterPictureProjectPlayReady PC runtimePrintMaster Platinum 17QuickBooks Pro 2006QuickTimeRealtek High Definition Audio DriverSearch Protect by conduitSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft 
Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shutterfly Express UploaderSkype™ 6.1Spelling Dictionaries Support For Adobe Reader 9System Requirements LabTransporterUnity Web PlayerUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596802) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office 
Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update Installer for WildTangent Games AppVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesWildTangent GamesWildTangent Games App (Gateway Games)Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live Upload ToolWindows Live WriterWinkflash TransporterWiseConvert 2.2 ToolbarWiseConvert B ToolbarYontoo 1.10.02.==== End Of File ===========================
  4. oracles, I ran MBAM and cleaned a heuristic sword... I am still having issues. I cannot load an AVP or any like programs and get them to turn on. Please tell me what to run and I will send you the logs. Thanks