RubenTX

  1. Ron, Attached is the log file from the ComboFix scan - ComboFix.txt
  2. Ron, Here is the latest - mbar.log results -

     Malwarebytes Anti-Rootkit BETA 1.08.2.1001
     www.malwarebytes.org

     Database version: v2014.12.22.03

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Tobor :: MYDELLOPTIPLEX [administrator]

     12/22/2014 10:01:35 AM
     mbar-log-2014-12-22 (10-01-35).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 343343
     Time elapsed: 9 minute(s), 57 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)

     See attached for the system-log.txt

     system-log.txt

     Thanks again...
  3. Here are the results of our latest TS -

     Step 04 - Junkware Removal Tool

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.4.0 (11.29.2014:1)
     OS: Microsoft Windows XP x86
     Ran by Tobor on Sat 12/20/2014 at 12:02:36.91
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Program Files\myfree codec"

     ~~~ FireFox

     Successfully deleted the following from C:\Documents and Settings\Tobor\Application Data\mozilla\firefox\profiles\wn5jh7eu.default\prefs.js

     user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyEyEtDyDtBtByEyBtA0AtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBt
     user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
     user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
     user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ggfc_14_42_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDyEyEtDyDtBtByEyBtA0AtN0D0Tzu0StCtDtBtAtN1L2XzutAt

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 12/20/2014 at 12:07:34.97
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Step 05 - AdwCleaner

     # AdwCleaner v4.105 - Report created 20/12/2014 at 18:03:58
     # Updated 08/12/2014 by Xplode
     # Database : 2014-12-16.1 [Live]
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Tobor - MYDELLOPTIPLEX
     # Running from : C:\About Downloads\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     -\\ Mozilla Firefox v33.0.2 (x86 en-US)

     *************************

     AdwCleaner[R2].txt - [613 octets] - [20/12/2014 18:03:58]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [672 octets] ##########

     Step 06 - Malwarebytes Threat Scan

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 12/20/2014 6:21:49 PM, SYSTEM, MYDELLOPTIPLEX, Manual, Malware Database, 2014.12.19.5, 2014.12.20.7,

     (end)

     Step 07 - ESET Online Virus Scanner

     C:\About Downloads\Applications\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
     C:\Program Files\PDF Creator\message.exe a variant of Win32/InstallCore.A potentially unwanted application deleted - quarantined

     Step 08 - Farbar Recovery Scan Tool

     See attached FRST and Addition logs

     FRST_20-12-2014_20-35-56.txt
     Addition_20-12-2014_20-35-56.txt
  4. Thanks Ron, I appreciate you stepping in and giving me a hand. I followed all of your steps (zero thru 3)

     Step 0 results - RKill -

     Rkill 2.6.9 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 12/19/2014 09:23:42 AM in x86 mode.
     Windows Version: Microsoft Windows XP Service Pack 3

     Checking for Windows services to stop:

     * No malware services found to stop.

     Checking for processes to terminate:

     * No malware processes found to kill.

     Checking Registry for malware related settings:

     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:

     * System Restore Disabled

       [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
       "DisableSR" = dword:00000001

     * Reparse Point/Junctions Found (Most likely legitimate)!

       * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 [Dir]
       * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.96.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\x86_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.96.0_x-ww_8cdf6f3c [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.96.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\x86_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.96.0_x-ww_eb4885b6 [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2 [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.78.0_x-ww_aa528373 [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.78.0__3ff6b78e2989595a => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.78.0_x-ww_8bb99ed [Dir]
       * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

     Checking Windows Service Integrity:

     * System Restore Service (srservice) is not Running.
       Startup Type set to: Automatic

     * Automatic Updates (wuauserv) is not Running.
       Startup Type set to: Disabled

     * System Restore Filter Driver (sr) is not Running.
       Startup Type set to: Disabled

     Searching for Missing Digital Signatures:

     * No issues found.

     Checking HOSTS File:

     * HOSTS file entries found:

       127.0.0.1 localhost

     Program finished at: 12/19/2014 09:24:37 AM
     Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)

     Step 1 results - Backup registry - Successfully backed up my registry file using ERUNT

     Step 2 results - Threat scan using the latest version of Malwarebytes -

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Update, 12/19/2014 10:30:02 AM, SYSTEM, MYDELLOPTIPLEX, Manual, Malware Database, 2014.12.18.4, 2014.12.19.5,

     (end)

     The error message which precipitated this topic occurred right after I finished the scan and clicked on the "History" button. I was able to relaunch the program and obtain the Application Log (see above).
  5. I have sent a PM to the Root Admin seeking assistance. And asked the following question - what does one need to do to get assistance? I have followed the protocol accurately, to the best of my knowledge, yet I am seeing posts from people seeking help and they are getting it the very same day.
  6. Complying with the Root Admin's advice I am replying to my post to seek assistance with my issue as it has been over 48 hours since I posted the original request. Thanks,
  7. I have been instructed to post my logs here for further assistance. There appears to be some anomalous data that might be the reason for the Malwarebytes version 2.0.4.1028 crashing. Thanks, FRST.txt Addition.txt
  8. As requested, I have attached the requested log files. Thanks in advance. Addition.txt FRST.txt CheckResults.txt
  9. I recently updated to version 2.0.4.1028, now every time I attempt to scan anything, I receive a Microsoft error message. See attached file.
  10. Kevin, while waiting for your reply, I went ahead and removed all entries. Executed the Farbar Recovery Tool, rebooted and woo-who!!!!!! I am back in business again. Thanks for your help with this, it is greatly appreciated.
  11. Here is my log file from AdvCleaner, please advise on what should be removed/retained, Thanks.
  12. As requested - DDS (Ver_2012-11-20.01) - NTFS_AMD64
2013-12-11 01:27:59 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:27:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-04 06:53:13 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 19:05:47.61 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2012 1:19:33 PM
System Uptime: 12/12/2013 6:50:03 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1443
Processor: AMD Phenom II N640 Dual-Core Processor | Socket S1G4 | 783/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 576 GiB total, 521.69 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.961 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.01 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AntiLog32
Device ID: ROOT\LEGACY_ANTILOG32\0000
Manufacturer:
Name: AntiLog32
PNP Device ID: ROOT\LEGACY_ANTILOG32\0000
Service: AntiLog32
.
==== System Restore Points ===================
.
RP228: 12/9/2013 6:18:38 PM - Windows Backup
.
==== Installed Programs ======================
.
Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.3 MUI Adobe Shockwave Player 11.5 AMD USB Filter Driver ATI Catalyst Install Manager avast! Free Antivirus Bejeweled 2 Deluxe Blackhawk Striker 2 Build-a-lot 2 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chuzzle Deluxe CinemaNow Media Manager Contents Corel PaintShop Photo Pro X3 Corel VideoStudio Pro X3 Cricket Broadband EC1705 CyberLink DVD Suite DeviceIO Diner Dash 2 Restaurant Rescue DMUninstaller Dora's Carnival Adventure DVD Menu Pack for HP MediaSmart Video Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 FATE Final Drive Nitro Google Chrome Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Advisor HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Game Console HP Games HP MediaSmart CinemaNow 2.0 HP MediaSmart DVD HP MediaSmart Movies and TV HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP MediaSmart Webcam HP MediaSmart/TouchSmart Netflix HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP SimplePass Identity Protection HP Software Framework HP Support Assistant HP Wireless Assistant Hulu Desktop ICA IDT Audio IPM_PSP_Pro IPM_VS_Pro ISCOM Java 7 Update 21 Java Auto Updater Java 6 Update 20 (64-bit) Jewel Quest 3 Jewel Quest Solitaire 2 Junk Mail filter update LabelPrint LightScribe System Software LogMeIn Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 25.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Penguins! PhotoNow! Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PSPPContent PSPPRO_DCRAW PureHD Ralink Motorola BC4 Bluetooth 3.0+HS Adapter Ralink RT3090 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver For Windows 7 Realtek USB 2.0 Card Reader Recovery Manager Revo Uninstaller 1.80 Roxio CinemaNow 2.0 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Setup Share Share64 Skype Click to Call Skype™ 6.6 Synaptics Pointing Device Driver Times Reader Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Validity Sensors DDK VIO Virtual Families Virtual Villagers - The Secret City Visual Studio 2010 x64 Redistributables VSClassic VSPro Wheel of Fortune 2 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Encoder 9 Series Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/11/2013 2:35:49 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
12/11/2013 2:35:19 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/11/2013 2:35:19 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
  13. I recently was hit with the nationzoom.com virus/malware. I ran Malwarebytes - Malwarebytes Anti-Malware 1.75.0.1300, Database version: v2013.12.09.08. It found and quarantined a number of issues pertaining to this; however, every time I launch ANY browser it still redirects me to the nationzoom page. I have followed a handful of advice that I found on the web, to no avail. I am at my wits' end.