sstrehli

  1. Here is the ESET file: C:\Qoobox\Quarantine\C\ProgramData\comfokf.dat.vir a variant of Win32/Kryptik.BBJK trojan cleaned by deleting - quarantined
  2. Ok. finally got the combofix to work here is copy of combofix.txt ComboFix 13-07-14.01 - work 07/14/2013 21:06:43.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.250 [GMT -5:00] Running from: c:\users\work\Desktop\ComboFix.exe AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\comfokf.dat c:\users\work\Desktop\Setup.exe . . ((((((((((((((((((((((((( Files Created from 2013-06-15 to 2013-07-15 ))))))))))))))))))))))))))))))) . . 2013-07-15 02:28 . 2013-07-15 02:29 -------- d-----w- c:\users\work\AppData\Local\temp 2013-07-15 02:28 . 2013-07-15 02:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-14 10:58 . 2013-07-14 10:58 -------- d-----w- c:\windows\ERUNT 2013-07-14 10:33 . 2013-07-14 10:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-14 10:28 . 2013-07-14 10:28 -------- d-----w- c:\program files\ERUNT 2013-07-14 08:58 . 2013-07-14 08:58 -------- d-----w- c:\users\work\AppData\Roaming\Malwarebytes 2013-07-14 08:57 . 2013-07-14 08:57 -------- d-----w- c:\programdata\Malwarebytes 2013-07-14 08:57 . 2013-07-14 08:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-14 08:57 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-14 08:57 . 2013-07-14 08:57 -------- d-----w- c:\users\work\AppData\Local\Programs 2013-07-13 04:26 . 2013-07-13 04:26 -------- d-----w- c:\users\work\AppData\Local\Opera Software 2013-07-13 04:26 . 2013-07-13 04:26 -------- d-----w- c:\users\work\AppData\Roaming\Opera Software 2013-07-13 04:26 . 
2013-07-13 04:26 -------- d-----w- c:\program files\Opera 2013-07-13 04:23 . 2013-07-13 04:23 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-07-12 08:55 . 2013-07-12 08:55 -------- d-----w- c:\programdata\McAfee Security Scan 2013-07-12 08:54 . 2013-07-13 13:00 -------- d-----w- c:\program files\McAfee Security Scan 2013-07-12 08:54 . 2013-07-13 05:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-12 08:54 . 2013-07-13 05:07 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-12 08:00 . 2013-07-12 08:00 -------- d-----w- c:\windows\system32\Adobe 2013-07-12 07:44 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-12 07:44 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-12 07:44 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-12 07:44 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-12 07:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-12 07:26 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-12 07:26 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-12 07:26 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-06-22 19:42 . 2013-06-22 19:42 -------- d-----w- c:\users\work\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE} 2013-06-22 19:41 . 2013-06-22 19:41 -------- d-----w- c:\programdata\Virtualized Applications 2013-06-22 19:19 . 2013-06-30 15:49 -------- d-----w- c:\users\work\AppData\Roaming\FileZilla . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-21 04:14 . 2013-05-27 17:04 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-05-23 05:25 . 2013-06-11 19:14 934488 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symefa.sys 2013-05-21 05:02 . 
2013-06-11 19:14 367704 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symds.sys 2013-05-17 08:33 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-16 05:02 . 2013-06-11 19:14 603224 ----a-w- c:\windows\system32\drivers\N360\1404000.028\srtsp.sys 2013-05-13 06:19 . 2013-05-25 14:39 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{713CA1BA-E2A8-4E8D-BA7F-F6C171C9869C}\mpengine.dll 2013-05-13 04:45 . 2013-06-11 19:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-11 19:37 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-11 19:37 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-11 19:37 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-11 19:37 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-11 19:38 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-11 19:37 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-11 19:37 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-11 19:37 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 07:06 . 2010-01-29 23:13 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 04:55 . 2013-06-11 19:38 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-11 19:38 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-04-25 00:43 . 2013-06-11 19:14 339544 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symnets.sys 2013-04-17 07:02 . 2013-06-11 19:38 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-16 02:41 . 2013-06-11 19:14 134744 ----a-w- c:\windows\system32\drivers\N360\1404000.028\ccsetx86.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE" [2012-02-27 249440] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE" [2012-02-27 249440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-30 1529128] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-17 7547424] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944] "WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080] "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984] "CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-06-09 320880] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-22 280576] . c:\users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-01-27 03:56 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall] "DisableMonitoring"=dword:00000001 . R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 367704] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 934488] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130702.001\BHDrvx86.sys [2013-05-31 1002072] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 134744] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130712.001\IDSvix86.sys [2013-07-11 386720] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\Ironx86.SYS [2013-03-05 
175264] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [2013-04-25 339544] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-27 142432] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-07-12 106656] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application 
Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-04 19:56 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 05:07] . 2013-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:32] . 2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 03:32] . 2013-07-15 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2011-06-07 09:11] . . ------- Supplementary Scan ------- . TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\work\AppData\Roaming\Mozilla\Firefox\Profiles\8asvwsji.default\ FF - ExtSQL: 2013-07-12 04:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\IPSFFPlgn FF - ExtSQL: 2013-07-12 23:16; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKCU-Run-comfokf - c:\programdata\comfokf.dat AddRemove-PDF Creator - c:\program files\PDF Creator\PrinterSetup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,d6,cd,9a,9c,3e,82,45,87,b7,da,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f0,d6,cd,9a,9c,3e,82,45,87,b7,da,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-14 21:35:09 ComboFix-quarantined-files.txt 2013-07-15 02:35 . Pre-Run: 119,165,480,960 bytes free Post-Run: 119,071,653,888 bytes free . - - End Of File - - 542975D9FC009DC49B8D6EDD805215F5 A36C5E4F47E84449FF07ED3517B43A31
  3. Borislav, Attached are the 2 files (DDS and Attach) Scott DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16635 Run by work at 11:59:44 on 2013-07-14 . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe C:\Windows\system32\EscSvc.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WSED\WSED.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Battery Meter\BTMeter.exe 
C:\Program Files\CapsLKNotify\CapsLKNotify.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\spool\drivers\w32x86\3\E_TATIIVE.EXE C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\MsSpellCheckingFacility.exe C:\Program Files\Norton 360\Engine\20.4.0.40\uistub.exe C:\Program Files\Norton 360\Engine\20.4.0.40\uistub.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report =============== . 
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_tatiive.exe /ept "epltarget\P0000000000000001" /M "WF-2530 Series" uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatiive.exe /ept "epltarget\P0000000000000000" /M "WF-2530 Series" uRun: [comfokf] regsvr32.exe /s "c:\programdata\comfokf.dat" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe mRun: [WSED] c:\program files\wsed\WSED.exe mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Adobe ARM] 
"c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{8898E1B4-4A6F-405D-B9F4-D41598A6317B} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{8898E1B4-4A6F-405D-B9F4-D41598A6317B}\030303734303344423645423 : DHCPNameServer = 192.168.11.1 TCP: Interfaces\{8898E1B4-4A6F-405D-B9F4-D41598A6317B}\46C696E6B6D263434434 : DHCPNameServer = 192.168.0.50 TCP: Interfaces\{8898E1B4-4A6F-405D-B9F4-D41598A6317B}\46C696E6B6D2C6966796E676 : DHCPNameServer = 192.168.0.50 TCP: Interfaces\{8898E1B4-4A6F-405D-B9F4-D41598A6317B}\E45445745414258393 : DHCPNameServer = 10.0.0.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\work\appdata\roaming\mozilla\firefox\profiles\8asvwsji.default\ FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll FF - ExtSQL: 2013-07-12 04:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\IPSFFPlgn FF - ExtSQL: 2013-07-12 23:16; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\coFFPlgn . ============= SERVICES / DRIVERS =============== . R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 R? BBSvc;Bing Bar Update Service R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? McComponentHostService;McAfee Security Scan Component Host Service R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader R? TsUsbFlt;TsUsbFlt R? WSDScan;WSD Scan Support via UMB S? AERTFilters;Andrea RT Filters Service S? BHDrvx86;BHDrvx86 S? ccSet_N360;Norton 360 Settings Manager S? CtClsFlt;Creative Camera Class Upper Filter Driver S? cvhsvc;Client Virtualization Handler S? DockLoginService;Dock Login Service S? EMSC;COMPAL Embedded System Control S? EPSON_PM_RPCV4_05;EPSON V3 Service4(05) S? EpsonScanSvc;Epson Scanner Service S? EraserUtilRebootDrv;EraserUtilRebootDrv S? IDSVix86;IDSVix86 S? MBAMProtector;MBAMProtector S? MBAMScheduler;MBAMScheduler S? MBAMService;MBAMService S? N360;Norton 360 S? RTL8167;Realtek 8167 NT Driver S? Sftfs;Sftfs S? sftlist;Application Virtualization Client S? 
Sftplay;Sftplay S? Sftredir;Sftredir S? Sftvol;Sftvol S? sftvsa;Application Virtualization Service Agent S? SymDS;Symantec Data Store S? SymEFA;Symantec Extended File Attributes S? SymIRON;Symantec Iron Driver S? SymNetS;Symantec Network Security WFP Driver . =============== File Associations =============== . ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1" . =============== Created Last 30 ================ . 2013-07-14 10:58:39 -------- d-----w- c:\windows\ERUNT 2013-07-14 10:33:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-14 08:58:11 -------- d-----w- c:\users\work\appdata\roaming\Malwarebytes 2013-07-14 08:57:56 -------- d-----w- c:\programdata\Malwarebytes 2013-07-14 08:57:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-14 08:57:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-14 08:57:29 -------- d-----w- c:\users\work\appdata\local\Programs 2013-07-13 04:26:43 -------- d-----w- c:\users\work\appdata\local\Opera Software 2013-07-13 04:26:42 -------- d-----w- c:\users\work\appdata\roaming\Opera Software 2013-07-12 08:55:23 -------- d-----w- c:\programdata\McAfee Security Scan 2013-07-12 08:54:56 -------- d-----w- c:\program files\McAfee Security Scan 2013-07-12 08:54:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-12 08:54:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-12 08:00:13 -------- d-----w- c:\windows\system32\Adobe 2013-07-12 07:44:34 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-12 07:44:31 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2013-07-12 07:44:28 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-12 07:44:08 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-12 07:40:12 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-12 07:26:48 680960 ----a-w- c:\program files\windows defender\MpSvc.dll 2013-07-12 07:26:47 392704 ----a-w- c:\program files\windows 
defender\MpClient.dll 2013-07-12 07:26:47 224768 ----a-w- c:\program files\windows defender\MpCommu.dll 2013-07-05 09:39:03 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2013-06-22 19:42:16 -------- d-----w- c:\users\work\appdata\roaming\{90140011-0061-0409-0000-0000000FF1CE} 2013-06-22 19:41:05 -------- d-----w- c:\programdata\Virtualized Applications . ==================== Find3M ==================== . 2013-07-14 11:21:09 195072 ----a-w- c:\programdata\comfokf.dat 2013-06-21 04:14:33 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-23 05:25:28 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys 2013-05-21 05:02:00 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys 2013-05-16 05:02:14 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys 2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 07:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 04:55:21 492544 ----a-w- 
c:\windows\system32\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-04-25 00:43:56 339544 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symnets.sys 2013-04-17 07:02:06 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-04-16 02:41:14 134744 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys . ============= FINISH: 12:12:02.20 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Starter Boot Device: \Device\HarddiskVolume2 Install Date: 1/29/2010 4:56:31 PM System Uptime: 7/14/2013 11:22:44 AM (1 hours ago) . Motherboard: Dell Inc. | | CN0Y53 Processor: Intel® Atom CPU N270 @ 1.60GHz | U1 | 1600/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 141 GiB total, 110.35 GiB free. . ==== Disabled Device Manager Items ============= . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) Advanced Audio FX Engine Battery Meter Bing Bar CapsLKNotify Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system D3DX10 Dell Dock Dell Edoc Viewer Dell Support Center (Support Software) Dell Webcam Central Dell Wireless WLAN Card Utility DGOControls Download Navigator EMSC EPSON Printer Finder EPSON Scan EPSON WF-2530 Series Printer Uninstall ERUNT 1.1j Extreme Picture Finder 3.11 Full Tilt Poker Function Keys Google Chrome Google Update Helper GoToAssist 8.0.0.514 Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) HP 
Officejet Pro 8500 A910 Basic Device Software HP Officejet Pro 8500 A910 Help HP Photo Creations Intel® Graphics Media Accelerator Driver Iphoto 1.88 Java 6 Update 14 Junk Mail filter update Live! Cam Avatar Creator Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office Click-to-Run 2010 Microsoft Office Home and Student 2010 - English Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2008 Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Management Studio Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 Policies Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP1 English Microsoft SQL Server Compact 3.5 SP1 Query Tools English Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2008 Shell (integrated mode) - ENU Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Works Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MySQL Server 5.1 NETGEAR Live Parental Controls User Utility 1.0b40 Norton 360 Nvu 1.0PR OGA Notifier 2.0.0048.0 Opera Stable 15.0.1147.141 PDF Creator (Remove Only) Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 
Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Synaptics Pointing Device Driver TWC Customer Controls Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources 
WSED . ==== End Of File ===========================
  4. Hello, Thanks in advance for helping. Computer has virus which redirects search results to googleads page. I have run several different antivirus/malware programs with no help. One Trojan found and removed by Norton. Malwarebytes could not find any. Malwarebytes anti-rootkit showed no issues, junkware removal had no issues, Adwcleaner had no issues. Unable to get to ESET online scanner. Get redirected to googleads page. I have run hijackthis after doing the above. Here are results:

     Logfile of Trend Micro HijackThis v2.0.5
     Scan saved at 11:26:41 AM, on 7/14/2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v10.0 (10.00.9200.16635)
     FIREFOX: 22.0 (en-US)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Dell\DellDock\DellDock.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Users\work\Downloads\HijackThis.exe
     C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\System32\spool\drivers\w32x86\3\E_TATIIVE.EXE
     C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
     C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
     C:\Program Files\Dell Support Center\gs_agent\dsc.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
     O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll
     O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
     O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
     O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
     O4 - HKLM\..\Run: [bTMeter] C:\Program Files\Battery Meter\BTMeter.exe
     O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
     O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
     O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2530 Series"
     O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2530 Series"
     O4 - HKCU\..\Run: [comfokf] regsvr32.exe /s "C:\ProgramData\comfokf.dat"
     O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
     O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
     O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
     O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
     O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
     O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
     O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
     O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
     O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
     O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
     O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
     O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

     -- End of file - 8820 bytes

     Thanks again in advance. Scott