PradeepH

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by PradeepH

  1. Hello Gringo,

     Sorry for delayed response. A legal matter came up which looks more dangerous than viruses, and has hijacked the priority and bandwidth! Hence a quick short note...

     I take it that the threats indicated by ESET are not important.

     Messed up again by running OTCleanIt before Uninstall ComboFix, contrary to what you suggested. Hope it's ok... since, when checked, there is no presence of any files/directories with name "ComboFix" anywhere after OTC.

     Noted down all reading material suggested by you, will read 100%, thanks.

     Please go ahead and close the thread as indicated by you if I get delayed... a trillion thanks for everything I got here from you... if thread is closed and otherwise, shall write to you separately as a "message" when get some breathing space.

     Thank you,
     PradeepH
  2. Hello Gringo,

     Installed Adobe Reader with the link you gave above. Any setting instructions for ensuring protection?

     Ran HijackThis and "fixed" only the entries listed by you above. Shall look up others later.

     Ran Eset Online Scanner. It found two threats (log below). Of the two, CutePDF is something that I have been using. Whereas, while I downloaded WinZip, I do not think I have installed it.

     Eset Scan Log:
     F:\MyPacks\CutePDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D application
     F:\MyPacks\WinZip\WinZip175.exe a variant of Win32/OpenInstall application

     One Question: Control Panel -> "add/remove programs" shows 65 installed programs. Most of these I am not aware of using directly. Of these,
     - MS Visual C++ 2008
     - MS SQL Server 2005
     - Evernote
     - Windows Live Essentials 2011
     - MS .NET Framework 4 Client Profile
     - Bing Bar
     came pre-installed (OEM) on my comp when I got it. While uninstalling something earlier, it said that this may affect the functioning of MS-Office (I use 2007). Some of these above have also attracted upgrades at a later date. Could you tell me which of these above are needed?

     Thanks
  3. Hello Gringo,

     > Thought I did
     > quote
     > Please download and install Revo Uninstaller Free

     My oversight & mistake. My apologies. Shall do the other things you have suggested above and get back. Thanks a ton for everything
  4. Hello Gringo,

     This time have a few things to report and ask (not just curiosity questions)...

     Report/Ask:

     Uninstall some programs: I did the uninstallation using Revo. Question: what, now that Adobe Reader is removed, do I use to see PDF files?

     While downloading Revo Uninstaller Free from your link, the page gave me option of downloading the free version or a 30-day-trial full version. I was confused for a while and then settled for the default which was the free version. Wonder if it may help to specify in your instructions.

     Problem in running: While removing Adobe Reader, it gave me bolded options for removing registry keys. I selected what I saw but it could not remove it. So I exploded the entry and selected the bottommost entry, since it would not allow me to select multiple. It removed something and whole screen went empty. So I selected "back" to redo the search. It did not find anything new. So at the end, I am unsure if (a) all the needed registry entries were removed; (b) it did not find any folders to remove or that part just got skipped.

     CCleaner Download: gave option of downloading from 2 sites... was not sure which. Selected 1st one.
     Installation: This one did not give me option for the folder where to install (I normally do not install in C:). I missed the checkbox for Yahoo, hope it's ok (else pl tell me how to undo this - uninstall and reinstall)?
     Run: No problem.

     Mbam: No problem, log below.
     HijackThis: No problem, log below.

     System Status: No issues. Right from start, while doing a "shutdown", it often shows me a screen saying some programs are not shut but there are no programs listed below (entries are empty). This behaviour has made me wonder if there are any hidden programs whose names cannot be seen. This behaviour continues even today.

     Logs Below:

     Mbam Log:
     --------------
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.06.01

     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     hp :: PRADEEPMINI [administrator]

     06-08-2013 11:14:32
     mbam-log-2013-08-06 (11-14-32).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 240905
     Time elapsed: 11 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     HijackThis Log
     -------------------
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 11:30:36, on 06-08-2013
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v9.00 (9.00.8112.16496)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
     C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Program Files\IDT\WDM\sttray.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
     C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
     C:\Windows\system32\SearchFilterHost.exe
     C:\Users\hp\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/26
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
     O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
     O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
     O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
     O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     O4 - Global Startup: Bluetooth.lnk = ?
     O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE
     O4 - Global Startup: HP Media Suite.lnk = C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe
     O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
     O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
     O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O17 - HKLM\System\CCS\Services\Tcpip\..\{F86FD599-61A6-436D-9206-AD37B9EA6764}: NameServer = 192.168.1.1,4.2.2.2
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - F:\MyPacks\skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
     O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
     O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
     O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
     O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
     O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
     O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - F:\MyPacks\skype\Updater\Updater.exe
     O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

     --
     End of file - 9402 bytes
  5. Hello Gringo,

     System Status: There were no "symptoms" before or now. Just want to make sure comp is clean. However I notice that earlier my web access sometimes used to take a long time, now it does not.

     Run Description: Went smoothly, without rebooting or asking to reboot. Rebooted all the same after the run. Log below:

     A Question: In previous run too you had put "ClearJavaCache"; why was it needed again?

     Thank you, what next?
  6. Hello Gringo,

     System Status: There were no "symptoms" before or now. Just want to make sure comp is clean.

     Run info: This run ran without needing a reboot, it rebooted on its own, then it popped the log file. While the file was on display, to make sure that the file is available in C:, I clicked on Windows Explorer icon, and then immediately got the message "Illegal operation attempted on a registry key that has been marked for deletion". Then I shutdown the machine and rebooted.

     ComboFix log for this run with above CFScript.txt below:
Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2011-05-20 81920] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}] 2010-09-03 19:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}] 2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 13:36 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . 
Contents of the 'Scheduled Tasks' folder . 2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 10:06] . 2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 10:06] . 2013-07-16 c:\windows\Tasks\HPCeeScheduleForhp.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . ------- Supplementary Scan ------- . TCP: Interfaces\{F86FD599-61A6-436D-9206-AD37B9EA6764}: NameServer = 192.168.1.1,4.2.2.2 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'Explorer.exe'(392) c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll f:\mypacks\WinSCP\DragExt.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\IDT\WDM\STacSV.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\CNAB4RPK.EXE c:\windows\system32\conhost.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe . ************************************************************************** . Completion time: 2013-08-05 10:01:33 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-05 04:31 ComboFix2.txt 2013-08-04 10:48 . Pre-Run: 99,071,954,944 bytes free Post-Run: 98,336,714,752 bytes free . - - End Of File - - BEF9887400E92254EC2947F947CD0F83 2DC58DC44DB907D3C97B0E33F03AEF3E Thanks, what comes next?
  7. Hi,

System Status: There were no "symptoms" before or now. Just want to make sure comp is clean.

ComboFix log below:

ComboFix 13-08-04.01 - hp 04-08-2013 15:58:52.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.91.1033.18.2036.1102 [GMT 5.5:30]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2013-07-04 to 2013-08-04 )))))))))))))))))))))))))))))))
.
.
2013-08-04 05:20 . 2013-08-04 05:20 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBC0AB1C-D435-4105-A557-6F346C4ABCFE}\offreg.dll
2013-08-04 05:20 . 2013-08-04 05:20 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBC0AB1C-D435-4105-A557-6F346C4ABCFE}\MpKsl89ed48eb.sys
2013-08-04 05:19 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBC0AB1C-D435-4105-A557-6F346C4ABCFE}\mpengine.dll
2013-08-04 05:10 . 2013-08-04 05:10 -------- d-----w- c:\windows\ERUNT
2013-08-03 03:06 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-31 14:40 . 2013-07-31 14:40 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2013-07-31 14:38 . 2013-07-31 14:38 -------- d-----w- c:\programdata\Malwarebytes
2013-07-31 14:38 . 2013-04-04 09:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-31 14:34 . 2013-07-31 14:34 -------- d-----w- c:\users\hp\AppData\Local\Programs
2013-07-31 14:20 . 2013-07-31 14:20 -------- d-----w- c:\program files\Common Files\Java
2013-07-31 14:19 . 2013-07-31 14:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 12:23 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-18 12:23 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-18 12:23 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-18 12:23 . 2013-04-10 05:02 1077760 ----a-w- c:\windows\system32\DWrite.dll
2013-07-18 12:23 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-18 12:23 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-18 12:23 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-18 12:23 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-18 12:23 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-18 12:23 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-17 15:34 . 2013-07-17 13:07 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7C83853-86A1-4C91-8C1E-8EF7C02A2B6B}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-31 14:19 . 2013-01-23 02:40 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-31 14:19 . 2010-10-20 00:26 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-21 04:45 . 2011-04-04 02:55 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-20 07:22 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-15 07:50 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-15 07:50 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-15 07:50 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-15 07:50 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-15 07:50 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-15 07:50 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-15 07:50 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-20 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2011-2-21 50848]
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]
Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 bhnprr;bhnprr; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
R2 SkypeUpdate;Skype Updater;f:\mypacks\skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-06-23 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-06-23 33832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 136176]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 MpKsl89ed48eb;MpKsl89ed48eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBC0AB1C-D435-4105-A557-6F346C4ABCFE}\MpKsl89ed48eb.sys [2013-08-04 29904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2011-05-20 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL89ED48EB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-09-03 19:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 13:36 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 10:06]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-05 10:06]
.
2013-07-16 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{F86FD599-61A6-436D-9206-AD37B9EA6764}: NameServer = 192.168.1.1,4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-04 16:18:55
ComboFix-quarantined-files.txt 2013-08-04 10:48
.
Pre-Run: 96,321,966,080 bytes free
Post-Run: 97,856,352,256 bytes free
.
- - End Of File - - 245697AFE22DDA07A4C88808A2BAA4CF
2DC58DC44DB907D3C97B0E33F03AEF3E

What does this mean (what next)? Thanks;
  8. Thank you Gringo,

Status: There were no "symptoms" before or now. Just want to make sure comp is clean. (Yet I see some action taken by the tools you suggested.) Below are the logs...

(I am a rather old doctorate in Comp Sc but have zero insight into Windows and esp. viruses. Since the cleaning actions are small in number in the logs below, I would like to know the meaning/significance of the actions taken by the tools or what threat was represented... if it is not too much additional work. If it's a pain, do please ignore; what you are already providing is huge enough -- Safe-comp is my main objective.)

AdwCleaner Log
----------------------
# AdwCleaner v2.306 - Logfile created 08/04/2013 at 10:07:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : hp - PRADEEPMINI
# Boot Mode : Normal
# Running from : F:\MyPacks\DetectInfection\Malwarebytes.forum\AdwCleaner\AdwCleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : DvmMDES

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2215 octets] - [04/08/2013 10:07:17]

########## EOF - C:\AdwCleaner[s1].txt - [2275 octets] ##########

JRT Log
-----------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows 7 Starter x86
Ran by hp on 04-08-2013 at 10:40:19.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{0B6AD795-CEE7-4C46-B98F-6E2DF844DB61}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{10E3F2C6-EB87-4BB5-995D-7C00AA27DBA2}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{18BA54D8-5D3C-4293-A2EC-FAB98400DAD9}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{18C5D5F9-A586-4985-B29A-8910D1113C5C}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{1A1704BC-E03C-41D5-803A-3EA69F3CBF3F}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{1A43EB0C-D3E1-4F28-9290-4DB434C005DD}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{31B15460-37A9-4199-8EB1-33F5386C3643}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{3878669B-477B-46BA-9B9D-FA6E9E938302}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{57AE8697-D7D8-4DC8-8FCD-2AB1E4397909}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{5DD93AFB-369D-4018-817C-DB18A4DBC196}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{6F6246C8-C86C-4300-85D7-ADA9C711468B}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{8337451E-7B5C-443D-A27F-0E6B25EA4F81}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{AF4ECC63-561F-4711-A055-31EB0F8212E3}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{BFFC505F-ED49-4051-81A0-D150F72EDC67}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{CDBF41E3-E7CD-471B-8102-517AC229589C}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{D250BB16-E0B1-4BD0-98C3-E1D04E070162}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{D466CD3B-5D0C-4B3B-BB00-2CC632E651B5}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{D9DA00C9-E34B-4B5E-A4CD-2DEA530A2986}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{DC1EA938-1070-445E-AE38-6523C37E30B1}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{E7A50B18-66BE-486C-A165-377158817B2E}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{F2BA6D4F-2BAA-4AED-B3D0-094E9E7344FA}
Successfully deleted: [Empty Folder] C:\Users\hp\appdata\local\{F785C005-004B-42DD-A0A2-386E11317B1F}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04-08-2013 at 10:45:11.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Hi, History: For 2 years I had MSE as protection for my netbook and it served me well. Then 25-Dec-12, my comp was attacked from an un-probable real-estate site. The attack was virulent and it did not allow me to do any checks in Normal-mode. After a few attempts, I booted in safe-mode and ran MSE full check.The check revealed the following viruses: Exploit:Java/CVE-2012-5076; Exploit:Java/CVE-2012-1723, Trojan:Win32/Claretore.H, Backdoor:Wind32/Simda.A, Trojan:Win32/Claretore.I, TrojanDownloader:Java/ToniperMSE could not remove any of theseSo, from Safe-mode, using Recovery Manager, I rolled back to a previous recovery-point availableThen I ran the check again and it did not show up presence of these virusesHowever; being a non-Windows person, I have not been sureI checked out the nature of these viruses and found that some of them are password stealers.Therefore, since then, I have not dared to do any financial transaction from my machineI DO NOT HAVE ANY EVEIDENCE OF ANY VIRUS/MALWARE RUNNING. YET AM WORRIED ABOUT THE PASSWORD STEALERS THAT PENETRATED MY SYSTEM 7 MONTHS AGO.Help Request: Want to make sure my comp is clean to resume financially sensitive access. Request you to run me through checks/remedies to ensure the same. Things done (last 2 days): (By looking up the net, downloaded MS msert.exe. After some time it started blinking the screen rapidly between black and normal, so I aborted the scan)As suggested in the pinned message for this forum, I ran the Quick check by Malwarebytes Anti-malware. It is cleanAs suggested in the pinned message for this forum, I ran dds.com; the reports are attached below.Please Help. DDS.TXT ------------ DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2 Run by hp at 10:16:48 on 2013-08-03 Microsoft Windows 7 Starter 6.1.7601.1.1252.91.1033.18.2036.1218 [GMT 5.5:30] . 
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\IDT\WDM\STacSV.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\IDT\WDM\aestsrv.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\CNAB4RPK.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\igfxsrvc.exe C:\PROGRAM 
FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - f:\mypacks\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAB4LAK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - f:\mypacks\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
TCP: Interfaces\{F86FD599-61A6-436D-9206-AD37B9EA6764} : NameServer = 192.168.1.1,4.2.2.2
TCP: Interfaces\{F86FD599-61A6-436D-9206-AD37B9EA6764}\6596D63747166666 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F86FD599-61A6-436D-9206-AD37B9EA6764}\B45435 : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - f:\mypacks\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-12 18136]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-5-20 81920]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\hpqwmm\quickweb\qw.sys\config\DVMExportService.exe [2010-9-29 338208]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-22 103992]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-8-6 210488]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-8-24 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;f:\mypacks\skype\updater\Updater.exe [2013-2-28 161384]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2010-6-17 27136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-6-23 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-6-23 33832]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-23 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-23 49664]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
.
=============== Created Last 30 ================
.
2013-08-03 03:06:05 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c80d4710-1e4c-4601-b64a-a5ce4d80f0c3}\mpengine.dll
2013-08-02 01:39:28 7143960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-31 14:40:10 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2013-07-31 14:38:45 -------- d-----w- c:\programdata\Malwarebytes
2013-07-31 14:38:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-31 14:34:57 -------- d-----w- c:\users\hp\appdata\local\Programs
2013-07-31 14:19:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-18 12:23:46 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-18 12:23:39 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-18 12:23:38 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-18 12:23:37 1077760 ----a-w- c:\windows\system32\DWrite.dll
2013-07-18 12:23:36 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-18 12:23:34 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-18 12:23:34 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-18 12:23:33 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-18 12:23:32 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-18 12:23:31 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-17 15:34:15 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a7c83853-86a1-4c91-8c1e-8ef7c02a2b6b}\gapaengine.dll
.
==================== Find3M ====================
.
2013-07-31 14:19:10 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-31 14:19:09 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 10:17:51.17 ===============

ATTACH.TXT
------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 29-03-2011 15:25:42
System Uptime: 03-08-2013 08:56:03 (2 hours ago)
.
Motherboard: Hewlett-Packard | | 1584
Processor: Intel® Atom CPU N550 @ 1.50GHz | CPU | 1500/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 89.998 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.368 GiB free.
F: is FIXED (NTFS) - 138 GiB total, 31.862 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP361: 15-07-2013 10:12:31 - Windows Update
RP362: 18-07-2013 17:58:11 - Windows Update
RP363: 23-07-2013 06:50:10 - Windows Update
RP364: 27-07-2013 03:57:36 - Windows Update
RP365: 30-07-2013 19:38:55 - Windows Update
RP366: 31-07-2013 11:52:54 - b4 mwb aftr msert blink
RP367: 31-07-2013 19:47:49 - Installed Java 7 Update 25
RP368: 31-07-2013 19:54:56 - Removed Java 6 Update 26
RP369: 03-08-2013 08:35:14 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Alcor Micro USB Card Reader
Bejeweled 2 Deluxe
Bing Bar
Blasterball 3
Bounce Symphony
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Cake Mania
Canon LBP2900
Chuzzle Deluxe
CutePDF Writer 2.9
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
Dream Chronicles
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote
Farm Frenzy
FATE
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickSync
HP QuickWeb Installer
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IDT Audio
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Java SE Development Kit 7 Update 1
Jewel Quest - Heritage
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Mahjongg Artifacts
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft_VC100_CRT_SP1_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Suite
PC Connectivity Solution
Penguins!
PictureMover
Plants vs. Zombies
Polar Bowler
Power2Go
Realtek Ethernet Controller Driver For Windows 7
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skip-Bo - Castaway Caper
Skype Click to Call
Skype™ 6.3
Slingo Deluxe
Sophos Virus Removal Tool
Synaptics Pointing Device Driver
Tradewinds Legends
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers - The Secret City
Wedding Dash
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSCP 4.1.9
Yahoo! Detect
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
30-07-2013 16:36:53, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.997.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
30-07-2013 10:10:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
29-07-2013 20:25:49, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.
28-07-2013 05:41:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.882.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
03-08-2013 09:37:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
03-08-2013 08:56:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bhnprr cdrom
02-08-2013 21:56:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
02-08-2013 10:33:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
01-08-2013 16:23:37, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
01-08-2013 02:44:35, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.1099.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
01-08-2013 02:34:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.1099.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================