TaxSleuth

Honorary Members
  • Posts: 29
Posts posted by TaxSleuth

  1. Okay, so when I ran the repair you recommended, my computer became non-functional. It lost access to the internet and printers, etc. I therefore did a System Restore, and now it is back to working. It is working so much better now, but I realize I am not out of the woods.

    I understand this is not your procedure (doing a restore), but in this instance, the cure was too 'brute force'. I am uploading the fixlog. I have glanced through it and I can see the many 'attention' indicators; can we work through the issues it flagged? I hope you aren't offended; I know to do this wonderful work you do, you need to be systematic about this.

    You also suggested I run Malwarebytes and AdwCleaner. I ran AdwCleaner.

    I have Malwarebytes installed but it will not launch. (?) Should I delete and re-install it?

    Charles

    AdwCleaner[C01].txt AdwCleaner[S01].txt Fixlog.txt

  2. PC is Windows 10. Today it re-booted while I was sitting here. When I went to log back into the desktop, it said my PIN had been lost. Then, it wouldn't let me reset the PIN. Eventually, I was locked out of my own PC because only my login had administrator rights and without administrator rights I couldn't log in. EVENTUALLY, I found something called "PassFab" by 4Winkey and was able to break into my locked computer.

    But that was only the beginning of the weirdness. Malwarebytes would not run (and it still doesn't).

    I had definitely established RESTORE POINTS a few weeks ago. Those can't be found. I have not upgraded Windows 10 recently (by this I mean in the last couple of weeks).

    I wound up launching services.msc and many services that should be running were now disabled. For example, Malwarebytes services were now disabled. I re-started them but Malwarebytes still did not work.

    Anyway, I am still hoping that I am not affected, but that a file somewhere is corrupted. However, I cannot run SFC /Scannow and I did a deep check on my computer a few weeks back. Ran all sorts of special antivirus, SFC, the other things--all this without any hitches a few weeks ago.

    So, help me, Obi-wan....

    I have gone ahead and generated the logs and have attached them here.

    mbst-grab-results.zip

  3. So, all of a sudden, this computer just starts moving in ultra-slow motion. I do have anti-virus, firewall, etc. So I run ESET online and it finds a Trojan and deletes it.

    Yuck! But the computer is still acting weird. I hit control-alt-delete, which takes forever to open up, if at all, and there are like a zillion chrome.exe files even though I only have like a few windows open. I shut down Chrome completely. Still a bunch of these chrome.exe files and they are consuming lots and lots of memory. Not sure what gives and I am now at the limits of this type of computer knowledge. I hand it over to the masters. I tried to copy and paste the logs but was unable to, so am attaching as text docs.

    Thank you, Chas.

    FRST.txt
    Addition.txt

  4. Results of screen317's Security Check version 0.99.77
     Windows 7 Service Pack 1 x64 (UAC is enabled)
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
    Microsoft Security Essentials
     Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
     SpywareBlaster 5.0
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 45
     Adobe Reader 10.1.6 Adobe Reader out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 31.0.1650.57
     Google Chrome Plugins...
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Tall Emu Online Armor OAcat.exe
     Tall Emu Online Armor oasrv.exe
     Tall Emu Online Armor oaui.exe
     Tall Emu Online Armor OAhlp.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  5. # AdwCleaner v3.013 - Report created 30/11/2013 at 14:06:48
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Installer - WIN7
    # Running from : C:\Users\Installer\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_0beb79c1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-pack-wallpaper_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-pack-wallpaper_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7601.17514


    -\\ Google Chrome v31.0.1650.57


    THIS IS THE AdwCleaner REPORT Post-Cleanup

    *********************************************************************************************************************************************

    [ File : C:\Users\Installer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [2809 octets] - [30/11/2013 11:03:46]
    AdwCleaner[R1].txt - [2811 octets] - [30/11/2013 14:05:36]
    AdwCleaner[s0].txt - [2604 octets] - [30/11/2013 14:06:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2664 octets] ##########

    *****************************************************************************************************************************

    HERE IS THE MALWAREBYTES REPORT

    Malwarebytes Anti-Malware (Corporate) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.30.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Installer :: WIN7 [administrator]

    Protection: Enabled

    11/30/13 2:17:25 PM
    mbam-log-2013-11-30 (14-17-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled: 
    Objects scanned: 225976
    Time elapsed: 9 minute(s), 54 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    *******************************************************************************************************

    Computer seems to be running fine now.

  6. I am not sure what to check/uncheck, so I am going to post the report for your advice. (I am going to be uninstalling Spyhunter)

     

    # AdwCleaner v3.013 - Report created 30/11/2013 at 11:03:46
    # Updated 24/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Installer - WIN7
    # Running from : C:\Users\Installer\Desktop\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Found : C:\Windows\System32\Tasks\SpyHunter4Startup
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\anchorfree
    Key Found : HKCU\Software\APN PIP
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : HKCU\Software\PIP
    Key Found : HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\anchorfree
    Key Found : [x64] HKCU\Software\APN PIP
    Key Found : [x64] HKCU\Software\PIP
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-pack-wallpaper_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_magic-pack-wallpaper_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_0beb79c1
    Key Found : HKLM\Software\PIP
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\SProtector
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.7601.17514
     
     
    -\\ Google Chrome v31.0.1650.57
     
    [ File : C:\Users\Installer\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [2637 octets] - [30/11/2013 11:03:46]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2697 octets] ##########
  7. Okay, well first off, I am looking over this print out myself and it looks like I managed to not turn off Malwarebytes. (It is still listed as a process that's running at the bottom.)

    I have attached Combofix.txt as a file.

    Secondly, when I was going through and turning off the anti-virus stuff, I found the following in the History of Microsoft Security Essentials:

    Detected Item:  Trojan:Win32/Comisproc
    Alert level:    Severe
    Date:           11/29/13  5:15 PM
    Action taken:   Quarantined

    ******************************************************************************************************************************************************************************

    There's a Remove all button. I am thinking I should select it?

  8. Oops...sorry,...I hit the post button by accident.

    Anyway, I pressed "No" when the anti-rootkit said that. Let me know if I should say "yes".

    *******************************************************************************************************

    At the end of the scan, it said:

    "Congratulation: no cleanup is required!

    Scan finished:   No malware found!"

    ********************************************************************************************************

    I am having trouble finding the logs. Am going to do a search for them and post them in my next post. Sorry for dragging this out.

  9. Thank you for picking up this thread.  Happy Thanksgiving.

     

    Here is the report from RogueKiller

     

    **********************************************************************************************************************************************

    **********************************************************************************************************************************************

    *********************************************************************************************************************************************

     

    RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Installer [Admin rights]
    Mode : Scan -- Date : 11/28/2013 14:10:59
    | ARK || FAK || MBR |
     
    ¤¤¤ Bad processes : 0 ¤¤¤
     
    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     
    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent [7] -> FOUND
     
    ¤¤¤ Startup Entries : 0 ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ Particular Files / Folders: ¤¤¤
     
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     
    ¤¤¤ External Hives: ¤¤¤
     
    ¤¤¤ Infection :  ¤¤¤
     
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
     
     
    127.0.0.1  localhost
    ::1  localhost #[iPv6]
    127.0.0.1  fr.a2dfp.net
    127.0.0.1  m.fr.a2dfp.net
    127.0.0.1  ad.a8.net
    127.0.0.1  asy.a8ww.net
    127.0.0.1  abcstats.com
    127.0.0.1  a.abv.bg
    127.0.0.1  adserver.abv.bg
    127.0.0.1  adv.abv.bg
    127.0.0.1  bimg.abv.bg
    127.0.0.1  ca.abv.bg
    127.0.0.1  www2.a-counter.kiev.ua
    127.0.0.1  track.acclaimnetwork.com
    127.0.0.1  accuserveadsystem.com
    127.0.0.1  www.accuserveadsystem.com
    127.0.0.1  achmedia.com
    127.0.0.1  aconti.net
    127.0.0.1  secure.aconti.net
    127.0.0.1  www.aconti.net #[Dialer.Aconti]
    [...]
     
     
    ¤¤¤ MBR Check: ¤¤¤
     
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++
    --- User ---
    [MBR] b04550b93932001b859d4459a7de2c08
    [bSP] 89c5121ceb2252c70da10d29dbe61be1 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 169993 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 356080720 | Size: 400000 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1175283649 | Size: 75000 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
     
    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
     
    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
     
    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++
    Error reading User MBR! ([0x15] The device is not ready. )
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
     
    Finished : << RKreport[0]_S_11282013_141059.txt >>
     
     
    *************************************************************************************************************************
    ***************************************************************************************************************************
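The HOSTS section of the RogueKiller report above is the kind of thing a helper reads by hand: entries that point a name at 127.0.0.1 or 0.0.0.0 only make that name unreachable (a blocklist, which is what the ad-domain lines look like), whereas an entry that points a name at a routable address silently sends traffic elsewhere. The following Python script is an added example, not part of the original thread or of RogueKiller; it parses a HOSTS dump in the layout shown above and separates sinkhole entries from redirects. The sample text is constructed: the first ad-domain lines are copied from the post, and the two 192.0.2.10 lines (a TEST-NET-1 documentation address, with illustrative hostnames) are invented hijack entries that were not in the original log.

```python
import ipaddress
import re

# Constructed sample in the layout RogueKiller dumps the HOSTS file in: the two
# loopback entries, a few sinkholed ad/tracking domains as in the post above, and
# two constructed hijack entries (192.0.2.10 is a TEST-NET-1 documentation address;
# the hostnames are illustrative and were not in the original log).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  www.aconti.net #[Dialer.Aconti]
0.0.0.0    abcstats.com
192.0.2.10 www.malwarebytes.org     # constructed hijack entry
192.0.2.10 update.microsoft.com     # constructed hijack entry
"""

# address, then one or more hostnames, then an optional trailing comment
HOST_LINE = re.compile(r"^(\S+)\s+([^#]+?)\s*(?:#.*)?$")


def parse_hosts(text):
    """Return (address, hostname) pairs; blank and comment lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HOST_LINE.match(line)
        if not m:
            continue
        for host in m.group(2).split():
            entries.append((m.group(1), host.lower()))
    return entries


def is_sinkhole(address):
    """Loopback or unspecified targets only make a name unreachable; they cannot
    send traffic somewhere else, so such entries are blocklist-style, not hijacks."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an IP address at all: treat as suspicious, not as a sinkhole
    return addr.is_loopback or addr.is_unspecified


def triage_hosts(text):
    """Split a HOSTS file into harmless sinkhole entries, entries that redirect a
    name to a routable address, and names mapped to more than one address."""
    entries = parse_hosts(text)
    sinkholed = [h for a, h in entries if is_sinkhole(a) and h != "localhost"]
    redirected = [(a, h) for a, h in entries if not is_sinkhole(a)]
    targets = {}
    for a, h in entries:
        targets.setdefault(h, set()).add(a)
    conflicts = sorted(h for h, addrs in targets.items()
                       if len(addrs) > 1 and h != "localhost")
    return {"sinkholed": len(sinkholed), "redirected": redirected, "conflicts": conflicts}


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    print(f"{result['sinkholed']} names sinkholed to loopback/0.0.0.0 (blocklist style)")
    for address, host in result["redirected"]:
        print(f"REDIRECT: {host} -> {address}  (review: the name resolves off-box)")
    for host in result["conflicts"]:
        print(f"CONFLICT: {host} is mapped to more than one address")
```

On the dump in the post every non-localhost line is a loopback sinkhole, so the script reports redirects only for the two constructed entries; on a real machine the HOSTS file lives at the path RogueKiller prints (%SystemRoot%\System32\drivers\etc\hosts), and any entry that lands in the REDIRECT list, especially one naming a security vendor or update server, is what a helper would ask about next.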
  10. Here's the Malwarebytes log for today--this all started today--

     

    2013/11/27 00:39:00 -0500 WIN7 Installer MESSAGE Executing scheduled update:  Daily
    2013/11/27 00:39:04 -0500 WIN7 Installer MESSAGE Starting database refresh
    2013/11/27 00:39:04 -0500 WIN7 Installer MESSAGE Stopping IP protection
    2013/11/27 00:39:04 -0500 WIN7 Installer MESSAGE IP Protection stopped successfully
    2013/11/27 00:39:04 -0500 WIN7 Installer MESSAGE Scheduled update executed successfully:  database updated from version v2013.11.24.01 to version v2013.11.27.02
    2013/11/27 00:39:07 -0500 WIN7 Installer MESSAGE Database refreshed successfully
    2013/11/27 00:39:07 -0500 WIN7 Installer MESSAGE Starting IP protection
    2013/11/27 00:39:08 -0500 WIN7 Installer MESSAGE Executing scheduled scan:  Full Scan | Daily | Silent | -remove | -terminate | -log
    2013/11/27 00:39:08 -0500 WIN7 Installer MESSAGE Scheduled scan executed successfully
    2013/11/27 00:39:09 -0500 WIN7 Installer MESSAGE IP Protection started successfully
    2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50932, Process: chrome.exe)
    2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50933, Process: chrome.exe)
    2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50934, Process: chrome.exe)
    2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50935, Process: chrome.exe)
    2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50936, Process: chrome.exe)
    2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50974, Process: chrome.exe)
    2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50975, Process: chrome.exe)
    2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50976, Process: chrome.exe)
    2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50977, Process: chrome.exe)
    2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50978, Process: chrome.exe)
    2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50981, Process: iexplore.exe)
    2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50982, Process: iexplore.exe)
    2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50983, Process: iexplore.exe)
    2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50984, Process: iexplore.exe)
    2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50985, Process: iexplore.exe)
    2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51007, Process: chrome.exe)
    2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51008, Process: chrome.exe)
    2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51009, Process: chrome.exe)
    2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51010, Process: chrome.exe)
    2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51011, Process: chrome.exe)
    2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51042, Process: iexplore.exe)
    2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51043, Process: iexplore.exe)
    2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51044, Process: iexplore.exe)
    2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51045, Process: iexplore.exe)
    2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51046, Process: iexplore.exe)
     
     
    THIS IP-BLOCK goes on for pages.....
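The IP-BLOCK lines above are the raw material for deciding whether something is beaconing rather than reacting to the user. The following Python script is an added example, not part of the original thread or of Malwarebytes; it parses the 1.x protection-log format shown in the post, groups blocks by destination and process, collapses the burst of sockets a browser opens in the same second into one attempt, and flags groups whose attempts recur at a steady interval. The sample lines are constructed from the post (same destination, ports and times, trimmed to a few rows); the function names are this example's own.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: a few lines in the Malwarebytes 1.x protection-log format
# shown in the post above (one MESSAGE line, then IP-BLOCK lines; the destination
# is the address the post reports, the ports and times are taken from those lines).
SAMPLE_LOG = """\
2013/11/27 00:39:08 -0500 WIN7 Installer MESSAGE Executing scheduled scan:  Full Scan | Daily | Silent | -remove | -terminate | -log
2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50932, Process: chrome.exe)
2013/11/27 02:53:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50933, Process: chrome.exe)
2013/11/27 02:59:55 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50974, Process: chrome.exe)
2013/11/27 03:04:20 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 50981, Process: iexplore.exe)
2013/11/27 03:05:56 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51007, Process: chrome.exe)
2013/11/27 03:10:21 -0500 WIN7 Installer IP-BLOCK 162.210.192.21 (Type: outgoing, Port: 51042, Process: iexplore.exe)
"""

# timestamp, UTC offset, host, user, then the IP-BLOCK record itself
IP_BLOCK = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4} \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK.match(line.strip())
        if m:
            events.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "ip": m["ip"],
                "direction": m["dir"],
                "port": int(m["port"]),
                "process": m["proc"],
            })
    return events


def looks_periodic(gaps, tolerance=0.25):
    """True when every gap lies within +/-tolerance of the median gap, i.e. the
    attempts recur on a steady schedule rather than following user activity."""
    if len(gaps) < 2:
        return False
    med = statistics.median(gaps)
    return med > 0 and all(abs(g - med) <= tolerance * med for g in gaps)


def summarize(events):
    """Group blocks by (destination, process). Several blocks in the same second
    are one connection attempt (a browser opens a few sockets at once), so the
    interval analysis runs over distinct attempt times."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["process"])].append(e)
    summary = {}
    for key, evs in groups.items():
        times = sorted({e["ts"] for e in evs})
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        summary[key] = {
            "blocks": len(evs),
            "attempts": len(times),
            "first": times[0],
            "last": times[-1],
            "ports": sorted({e["port"] for e in evs}),
            "median_gap_s": statistics.median(gaps) if gaps else None,
            "periodic": looks_periodic(gaps),
        }
    return summary


if __name__ == "__main__":
    for (ip, proc), s in summarize(parse_ip_blocks(SAMPLE_LOG)).items():
        flag = "PERIODIC" if s["periodic"] else "irregular"
        print(f"{ip:15} {proc:14} blocks={s['blocks']} attempts={s['attempts']} "
              f"{s['first']:%H:%M:%S}-{s['last']:%H:%M:%S} "
              f"median_gap={s['median_gap_s']} {flag}")
```

On the sample the chrome.exe group shows three attempts about six minutes apart and is flagged periodic, while the two iexplore.exe attempts are too few to judge; run over the full protection log the post describes, a periodic group from a browser process is the lead to follow (which extension, plug-in or helper inside that browser is responsible), and the ephemeral source ports climbing in the same sequence across both browsers say the attempts come from one host-level cause, not two separate browser problems.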
  11. Hello, I started getting this pop up. Something on my computer is really trying to phone home. About every 10 minutes, Malwarebytes blocks my computer trying to reach out to

    162.210.192.21

    When I have iexplorer open, it says iexplorer.com tried to do this; when I am running Chrome, it says chrome.exe is trying to do this.

    Anyway, would really appreciate a little peace of mind. I don't think I have ever had someone take a look at this computer for possible infection. It's relatively new.

    ***************************************************************************************************************************************************************************************

    HERE'S DDS.TXT

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
    Run by Installer at 18:51:02 on 2013-11-27
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7935.3381 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    E:\Program Files (x86)\Online Armor\OAcat.exe
    E:\Program Files (x86)\Online Armor\oasrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    E:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
    E:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    E:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe
    E:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    E:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    E:\Program Files (x86)\Online Armor\OAui.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\mmlweb.exe
    E:\Program Files\Synergy\synergys.exe
    E:\Program Files (x86)\Online Armor\OAhlp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Users\Installer\AppData\Roaming\Google\Google Talk\googletalk.exe
    E:\Program Files (x86)\NewTech Infosystems\NTI Shadow 3\shadow.exe
    C:\Users\Installer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
    E:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    E:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\hh.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\syswow64\MsiExec.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    E:\Program Files (x86)\Intuit\DMS\DMS.EXE
    E:\ProWin12\32bit\protax12.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [synergy Server] "E:\Program Files\Synergy\synergys.exe"  --no-daemon --debug WARNING --name Win7 --address :24800
    uRun: [CFFE17749DA0713683FF14B936CC494313C41A43._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [DisplayFusion] "E:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    uRun: [chromium] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window
    uRun: [googletalk] C:\Users\Installer\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [shadow] E:\Program Files (x86)\NewTech Infosystems\NTI Shadow 3\shadow.exe --minimize
    uRun: [Driver Detective] E:\Program Files (x86)\PC Drivers HeadQuarters\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [Adobe Acrobat Speed Launcher] "E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "E:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
    mRun: [GrooveMonitor] "E:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [backup Scheduler] C:\Program Files (x86)\Common Files\CCHSFS\2011\CCHBKPScheduler11.exe
    StartupFolder: C:\Users\INSTAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Installer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\INSTAL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIVEPE~1.LNK - C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CSCONN~1.LNK - E:\WinCSI\Tools\connectbgdl.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - E:\Program Files (x86)\QuickBooks 2012\QBW32.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{900EC6B5-8253-43E7-9D04-C2684B0D2C53} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - E:\Program Files (x86)\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
    x64-Run: [@OnlineArmor GUI] "E:\Program Files (x86)\Online Armor\OAui.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [mmlweb] C:\Windows\System32\mmlweb.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
    x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1  om.symantec.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-12-25 14592]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2011-12-26 64720]
    R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2011-12-26 62008]
    R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2011-12-26 52360]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 DiskDoctorService;Norton Disk Doctor Service;E:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2011-12-25 1029480]
    R2 DisplayFusionService;DisplayFusionService;E:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2013-2-11 1315728]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-6 418376]
    R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-6 701512]
    R2 monblanking;monblanking;C:\Windows\System32\drivers\monblanking.sys [2013-6-9 34048]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 OAcat;Online Armor Helper Service;E:\Program Files (x86)\Online Armor\OAcat.exe [2013-11-25 584864]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-1-10 1248256]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-12-25 32544]
    R2 SCAppMgr;Smart Client Manager;C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe [2011-12-22 59392]
    R2 SpeedDiskService;Norton SpeedDisk Service;E:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2011-12-25 1037672]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-10-18 1025408]
    R2 SvcOnlineArmor;Online Armor;E:\Program Files (x86)\Online Armor\OAsrv.exe [2013-11-25 4457688]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-5-10 46136]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
    R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-26 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2011-12-26 35368]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-6-11 16776]
    S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-11-27 22704]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-6-11 9096]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-5 19456]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-25 48416]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-25 29472]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SymDSMon;SymDSMon;C:\Windows\System32\drivers\SymDSMon.sys [2011-12-25 191232]
    S3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2011-12-25 163384]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-12 42184]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-12-25 48416]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-5 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-5 30208]
    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-12-25 29472]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-11-27 19:04:18 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2013-11-27 19:04:15 110080 ----a-r- C:\Users\Installer\AppData\Roaming\Microsoft\Installer\{CD09642E-061D-4844-BA37-ED1480916404}\IconF7A21AF7.exe
    2013-11-27 19:04:15 110080 ----a-r- C:\Users\Installer\AppData\Roaming\Microsoft\Installer\{CD09642E-061D-4844-BA37-ED1480916404}\IconD7F16134.exe
    2013-11-27 19:04:15 110080 ----a-r- C:\Users\Installer\AppData\Roaming\Microsoft\Installer\{CD09642E-061D-4844-BA37-ED1480916404}\Icon1226A4C5.exe
    2013-11-27 19:04:11 -------- d-----w- C:\sh4ldr
    2013-11-27 19:04:11 -------- d-----w- C:\Program Files\Enigma Software Group
    2013-11-27 19:03:50 -------- d-----w- C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
    2013-11-27 03:28:51 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E6BA2A9-29EE-491D-85E1-4271E1823F72}\offreg.dll
    2013-11-27 02:10:53 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E6BA2A9-29EE-491D-85E1-4271E1823F72}\mpengine.dll
    2013-11-26 02:11:25 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-11-17 22:39:58 -------- d-----w- C:\RefundAdvantage2013
    2013-11-17 22:39:40 -------- d-----w- C:\Program Files (x86)\Refund Advantage 2013
    2013-11-07 02:11:11 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93A19C9C-F848-4112-882F-8691F1437713}\gapaengine.dll
    2013-11-02 02:20:38 -------- d-----w- C:\ProgramData\Oracle
    2013-11-02 02:18:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M  ====================
    .
    2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-10-15 17:17:14 64720 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys
    2013-10-15 17:17:14 52360 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys
    2013-10-15 17:17:14 35368 ----a-w- C:\Windows\System32\drivers\OAnet.sys
    2013-10-15 17:16:39 62008 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys
     
    ****************************************************************************************************************************************************************************************************************************
    ****************************************************************************************************************************************************************************************************************************
    ****************************************************************************************************************************************************************************************************************************
     
    AND HERE IS ATTACH.TXT
     
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional 
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/24/11 10:43:00 PM
    System Uptime: 11/26/13 10:26:24 PM (20 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. |  | M5A88-M
    Processor: AMD Phenom II X2 560 Processor | AM3R2 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    B: is FIXED (NTFS) - 73 GiB total, 73.152 GiB free.
    C: is FIXED (NTFS) - 166 GiB total, 82.291 GiB free.
    D: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
    E: is FIXED (NTFS) - 391 GiB total, 262.625 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    L: is NetworkDisk (NTFS) - 279 GiB total, 115.453 GiB free.
    O: is NetworkDisk (NTFS) - 279 GiB total, 115.453 GiB free.
    T: is NetworkDisk (NTFS) - 279 GiB total, 115.453 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1  ads.mcafee.com
    Hosts: 127.0.0.1  analytics.microsoft.com
    Hosts: 127.0.0.1  metrics.bitdefender.com
    Hosts: 127.0.0.1  metrics.mcafee.com
    Hosts: 127.0.0.1  om.symantec.com
    Hosts: 127.0.0.1  ads.bleepingcomputer.com
    Hosts: 127.0.0.1  wdcs.trendmicro.com
    .
    ==== Installed Programs ======================
    .
     Update for Microsoft Office 2007 (KB2508958)
    Access Denied XP 1.2
    Adobe Acrobat X Standard
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.6)
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    AnswerWorks 4.0 Runtime - English
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS Ai Charger
    ATX 2012
    Auslogics BoostSpeed
    Bonjour
    Brother MFL-Pro Suite MFC-8890DW
    Carbonite
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco WebEx Meetings
    CompanionLink
    Cortona3D Viewer
    Crystal Reports Viewer 2008
    Dell Driver Download Manager
    DisplayFusion 5.1
    Document eSort Components
    Driver Detective
    Dropbox
    EaseUS Partition Master 9.1.1 Home Edition
    EasyDuplicateFinder v4.2
    Encompass360 SmartClient
    Google Chrome
    Google Drive
    Google Talk (remove only)
    Google Update Helper
    GoToMeeting 5.9.0.1207
    GoToMyPC
    HP Media Vault
    HP Software Update
    iCloud
    Infragisticsv62Install 2010
    iTunes
    Java 7 Update 45
    JavaFX 2.1.1
    join.me
    K-Lite Codec Pack 9.6.0 (Full)
    LivePerson Expert Messenger
    Macromedia Flash Player 8
    Malwarebytes Anti-Malware version 1.75.0.1300
    Max Uninstaller version 2.0
    MeadCo ScriptX (v7.2.0.36 (x86))
    MFL-Pro Suite
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Network Recording Player
    Norton Utilities 15
    NTI DriveBackup! 4
    NTI Shadow 3
    Online Armor 6.0
    PaperPort Image Printer 64-bit
    Perfect Data Solutions 2.0
    Printer/Scanner Driver for MFX-1450/2050,F-525/565
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek Ethernet Diagnostic Utility
    Realtek High Definition Audio Driver
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
    Skype™ 6.3
    SmartClient Core
    SmartClient Installation Manager
    SpyHunter
    SpywareBlaster 5.0
    Stamps.com
    Stamps.com Application Support for Microsoft Word 2000-2010
    Stamps.com support for Microsoft Word 2000-2010
    Synergy
    TurboTax 2012
    TurboTax 2012 wcaiper
    TurboTax 2012 wcoiper
    TurboTax 2012 wctiper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wksiper
    TurboTax 2012 wmaiper
    TurboTax 2012 wnciper
    TurboTax 2012 wnyiper
    TurboTax 2012 wohiper
    TurboTax 2012 wrapper
    TurboTax 2012 wriiper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VLC media player 1.1.11
    Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/27/2012 6.3.0.48)
    Windows Media Player Firefox Plugin
    Windows XP Mode
    WxDownload 1.66
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/26/13 9:50:35 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    11/26/13 10:25:29 PM, Error: Service Control Manager [7034]  - The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
    11/25/13 2:36:31 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user Win7\Installer SID (S-1-5-21-3103752536-886623914-2107122075-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/25/13 2:36:31 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user Win7\Installer SID (S-1-5-21-3103752536-886623914-2107122075-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    11/20/13 9:18:00 PM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
    .
    ==== End Of File ===========================
     
    **************************************************************************************************************************************************************************************************
     
    By the way, if you see anything on here that looks like "bloatware" and you think I should just remove it, please let me know.
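    The autostart block DDS labels "Pseudo HJT Report" is where the first-pass triage of a log like this happens: Run keys, AppInit_DLLs, hosts overrides and BHO registrations. What follows is an added example, not code from this post, from DDS or from Malwarebytes. It is a small parser for those line forms that flags the entries an analyst would look at first. Assumptions of the example: the regexes are its own reading of the DDS line format; the "stock system binary" allowlist and the vendor-domain list are illustrative, not exhaustive; the sample input is a handful of lines copied from the log above plus one constructed benign hosts line (localhost) as a negative control. A hosts entry that sends a security vendor's host to 127.0.0.1 is also what hosts-based ad blockers produce, so the script reports it as something to verify, not as a verdict.

```python
r"""Triage the 'Pseudo HJT Report' block of a DDS log.

Added example, not code from the post above or from the DDS tool. DDS prints
one autostart item per line, e.g.
    uRun: [name] "C:\dir\app.exe" args   (HKCU Run; mRun = HKLM; x64-Run = 64-bit HKLM)
    AppInit_DLLs= path.dll              (DLL loaded into every user32 process)
    Hosts: 127.0.0.1 hostname           (hosts-file override)
    BHO: Name: {CLSID} - path.dll       (IE browser helper object)
The regexes below are this example's own reading of that format.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Security-vendor domains: a hosts override for one of these is worth a look.
# Hosts-based ad blockers add such lines too, so this is a prompt to verify.
VENDOR_DOMAINS = ("mcafee.com", "symantec.com", "bitdefender.com",
                  "trendmicro.com", "microsoft.com", "malwarebytes.org")
# Stock Windows binaries that legitimately appear in Run keys. Illustrative
# allowlist only (an assumption of this example), not exhaustive.
STOCK_SYSTEM = {"ctfmon.exe", "explorer.exe", "rundll32.exe", "cmd.exe"}
# Interpreters/launchers: the real payload is in their arguments.
LAUNCHERS = {"cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
             "regsvr32.exe", "mshta.exe", "powershell.exe"}

RUN_RE = re.compile(r"^(?P<kind>uRun|mRun|x64-Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*?)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO:\s*(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>.*?)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def first_executable(cmd: str) -> str:
    """First *.exe in a Run command line, quoted or not.

    For a launcher line such as Cmd.exe /c start ... this returns Cmd.exe,
    which is what the launcher check in triage_line wants to see.
    """
    m = re.match(r'"?(?P<path>[^"]*?\.exe)', cmd, re.IGNORECASE)
    if m:
        return m.group("path").strip()
    return cmd.split()[0] if cmd.split() else ""


def is_vendor_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def triage_line(line: str) -> list[Finding]:
    """Classify one DDS line; returns zero or more findings."""
    line = line.strip()
    out: list[Finding] = []
    if m := APPINIT_RE.match(line):
        if m.group("dlls"):  # empty value is the normal state
            out.append(Finding("high", "AppInit_DLLs is set: the DLL is loaded into "
                "every process that loads user32.dll; expand any 8.3 short name "
                "(dir /x) and check the file's publisher", line))
    elif m := HOSTS_RE.match(line):
        if is_vendor_host(m.group("host")):
            out.append(Finding("medium", f"hosts file sends vendor host "
                f"{m.group('host')} to {m.group('ip')}", line))
    elif m := BHO_RE.match(line):
        if not m.group("path"):
            out.append(Finding("low", f"BHO {m.group('clsid')} is registered "
                "without a file path (orphaned or hidden)", line))
    elif m := RUN_RE.match(line):
        exe = first_executable(m.group("cmd"))
        low, base = exe.lower(), exe.rsplit("\\", 1)[-1].lower()
        tag = f"{m.group('kind')} '{m.group('name')}'"
        if base in LAUNCHERS:
            out.append(Finding("low", f"{tag} starts via {base}; the payload is "
                "in its arguments", line))
        elif ("\\windows\\system32\\" in low or "\\windows\\syswow64\\" in low) \
                and base not in STOCK_SYSTEM:
            out.append(Finding("medium", f"{tag} runs {base} from the Windows "
                "system directory but it is not a stock component this example "
                "knows; verify signature and hash", line))
        elif "\\appdata\\" in low or "\\users\\" in low:
            out.append(Finding("low", f"{tag} runs from a user-writable path: {exe}", line))
    return out


def triage_log(text: str) -> list[Finding]:
    return [f for raw in text.splitlines() for f in triage_line(raw)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


# Sample input: lines copied from the DDS log in the post above, plus one
# constructed benign hosts line (localhost) as a negative control.
SAMPLE_LOG = r"""
uRun: [googletalk] C:\Users\Installer\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [mmlweb] C:\Windows\System32\mmlweb.exe
AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 localhost
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage_log(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

    Run it with the whole Pseudo HJT block pasted into SAMPLE_LOG (or read from a file) and it prints findings highest severity first. The AppInit_DLLs entry is ranked above everything else because it is a global injection point rather than a single autostart; the System32 check deliberately over-reports, since the cost of verifying one extra file's signature is far lower than missing a dropped binary that borrowed a system-looking name.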
     
     
     
     
  12. HERE IS THE MBAM LOG. IT FOUND THREE MORE INFECTIONS TODAY.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122201

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    12/22/11 10:32:31 AM
    mbam-log-2011-12-22 (10-32-31).txt

    Scan type: Quick scan
    Objects scanned: 202621
    Time elapsed: 11 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{5ADEFB9E-B824-45E6-86E2-2B7941F5D6A3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ADEFB9E-B824-45E6-86E2-2B7941F5D6A3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5adefb9e-b824-45e6-86e2-2b7941f5d6a3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ********************************************************************************************************************************************

    Here is the DDS.TXT

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by Charles Computer at 22:35:55 on 2011-12-22
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.520 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Affixa\AffixaTray.exe
    C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Charles Computer\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
    C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\ProWin06\32bit\protax06.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\vssvc.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Charles Computer\Desktop\dds.scr

    C:\WINDOWS\system32\WSCRIPT.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.google.com/

    mStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: AutorunsDisabled - No File

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Affixa] c:\program files\affixa\AffixaTray.exe

    uRun: [shadow] c:\program files\newtech infosystems\nti shadow 3\Shadow.exe --minimize

    uRun: [4AF60A91ED87D399336B6EE65845034E831A75D0._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service

    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\curecrm.lnk - c:\program files\curecrm\curecrm.exe

    StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\charles computer\application data\dropbox\bin\Dropbox.exe

    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: Microsoft XML Parser for Java

    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E}

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://ccllcnc.com/Remote/msrdp.cab

    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuitcorp.webex.com/client/WBXclient-T27L10NSP25-10481/training/ieatgpc.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: {CF2F86EA-5FC2-499A-BBD0-24EFF03A193F} = 4.2.2.2,8.8.8.8

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-22 11608]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-22 136360]

    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-22 269480]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-22 66616]

    R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-12-21 1029480]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-28 366152]

    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-1-22 45824]

    R2 SCAppMgr;Smart Client Manager;c:\program files\ellie mae\scappmgr\SCAppMgr.exe [2011-4-23 65536]

    R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-12-21 1037672]

    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]

    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-28 22216]

    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2010-1-22 56960]

    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-22 1691480]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-3 136176]

    S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2006-12-16 72704]

    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-3-13 4736]

    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

    S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-3-13 8960]

    S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-12-21 128248]

    S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-12-21 108800]

    S4 cpuz132;cpuz132;\??\c:\docume~1\instal~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\instal~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

    S4 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\charle~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\charle~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]

    S4 mrtRate;mrtRate; [x]

    S4 PortAcc;Spearit Port Access;\??\c:\program files\laplink\pcmover\portacc.sys --> c:\program files\laplink\pcmover\PortAcc.sys [?]

    S4 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

    .

    =============== Created Last 30 ================

    .

    2011-12-21 22:27:04 -------- d-----w- c:\documents and settings\charles computer\application data\Norton Utilities

    2011-12-21 21:44:48 -------- d-----w- c:\documents and settings\all users\application data\Norton Installer

    2011-12-21 21:44:22 128248 ----a-w- c:\windows\system32\drivers\SymDSMon.sys

    2011-12-21 21:44:22 108800 ----a-w- c:\windows\system32\drivers\SymSpeedDisk.sys

    2011-12-21 21:44:20 -------- d-----w- c:\program files\common files\Symantec

    2011-12-21 21:44:18 36712 ----a-w- c:\windows\system32\CleanMFT32.exe

    2011-12-21 21:44:18 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx

    2011-12-21 21:44:18 1101824 ----a-w- c:\windows\system32\UniBox210.ocx

    2011-12-21 21:44:17 880640 ----a-w- c:\windows\system32\UniBox10.ocx

    2011-12-21 21:44:04 -------- d-----w- c:\program files\Norton Utilities 15

    2011-12-18 19:20:13 -------- d-----w- c:\program files\AMD APP

    2011-12-18 18:03:49 -------- d-----w- c:\windows\system32\wbem\repository\FS

    2011-12-18 18:03:49 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-12-18 18:02:36 -------- d-sha-r- C:\cmdcons

    2011-12-18 04:00:10 -------- d-sh--w- C:\RECYCLER(2)

    2011-12-18 03:03:26 -------- d-sha-w- C:\cmdcons(2)

    2011-12-18 01:15:31 -------- d-----w- C:\MGtools

    2011-12-18 00:58:15 -------- d-----w- c:\documents and settings\charles computer\local settings\application data\WinZip

    2011-12-17 21:21:14 -------- d-----w- c:\documents and settings\charles computer\application data\SUPERAntiSpyware.com

    2011-12-17 21:20:41 -------- d-----w- c:\program files\SUPERAntiSpyware

    2011-12-17 21:20:41 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

    2011-12-17 20:51:38 -------- d-----w- c:\program files\common files\Java(2)

    2011-12-14 04:41:05 -------- d-----w- c:\program files\Affixa

    2011-12-08 01:46:13 32768 ----a-w- c:\windows\system32\JAWTAccessBridge.dll

    .

    ==================== Find3M ====================

    .

    2011-12-03 19:53:17 3209640 ----a-w- C:\Affixa-Download.exe

    2011-11-18 22:29:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-13 22:53:03 414 ----a-w- C:\Act_Kill_regbackup_JDK_Nov13-2011.reg

    2011-11-07 15:54:30 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

    2011-10-28 22:12:19 1393736 ----a-w- c:\documents and settings\charles computer\gotomypc_626.exe

    2011-10-26 03:01:40 7412736 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

    2011-10-26 02:59:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll

    2011-10-26 02:30:50 57344 ----a-w- c:\windows\system32\aticalrt.dll

    2011-10-26 02:30:40 53248 ----a-w- c:\windows\system32\aticalcl.dll

    2011-10-26 02:27:26 5890048 ----a-w- c:\windows\system32\aticaldd.dll

    2011-10-26 02:21:48 56832 ----a-w- c:\windows\system32\OpenVideo.dll

    2011-10-26 02:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll

    2011-10-26 02:20:42 13950464 ----a-w- c:\windows\system32\amdocl.dll

    2011-10-26 02:16:30 18968576 ----a-w- c:\windows\system32\atioglxx.dll

    2011-10-26 02:06:02 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

    2011-10-26 02:04:50 304128 ----a-w- c:\windows\system32\ati2dvag.dll

    2011-10-26 02:04:46 4004864 ----a-w- c:\windows\system32\ati3duag.dll

    2011-10-26 01:58:22 956160 ----a-w- c:\windows\system32\ativvamv.dll

    2011-10-26 01:44:50 3286400 ----a-w- c:\windows\system32\ativvaxx.dll

    2011-10-26 01:44:08 212992 ----a-w- c:\windows\system32\atipdlxx.dll

    2011-10-26 01:43:54 155648 ----a-w- c:\windows\system32\Oemdspif.dll

    2011-10-26 01:43:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

    2011-10-26 01:43:38 43520 ----a-w- c:\windows\system32\ati2edxx.dll

    2011-10-26 01:43:26 188416 ----a-w- c:\windows\system32\ati2evxx.dll

    2011-10-26 01:42:08 643072 ----a-w- c:\windows\system32\ati2evxx.exe

    2011-10-26 01:40:46 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

    2011-10-26 01:39:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe

    2011-10-26 01:35:00 806912 ----a-w- c:\windows\system32\atikvmag.dll

    2011-10-26 01:34:14 499712 ----a-w- c:\windows\system32\atiok3x2.dll

    2011-10-26 01:30:52 229376 ----a-w- c:\windows\system32\atiadlxx.dll

    2011-10-26 01:30:28 17408 ----a-w- c:\windows\system32\atitvo32.dll

    2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\atimpc32.dll

    2011-10-26 01:25:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll

    2011-10-26 01:24:58 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    2011-10-26 01:24:52 884736 ----a-w- c:\windows\system32\ati2cqag.dll

    2011-10-25 15:56:30 60304 ----a-w- c:\documents and settings\charles computer\g2mdlhlpx.exe

    2011-10-18 23:53:14 6439528 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

    2011-10-18 22:10:30 64616 ----a-w- c:\windows\system32\RtkCoInstXP.dll

    2011-10-14 22:58:12 20064872 ----a-w- c:\windows\RTHDCPL.EXE

    2011-10-12 21:14:50 43520 ----a-w- c:\windows\system32\OpenCL.dll

    2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-03 06:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

    .

    ============= FINISH: 22:39:18.51 ===============

    Thank you!

  13. Hi, the other day, my computer started to act really strangely. I was getting all sorts of blue screens of death. It was really scary. MBAM ran as scheduled and detected the following items and quarantined them:

    Trojan.Agent Registry Key DETAILS NOT LISTED

    Trojan.Dropper.BCM File

    Trojan.Agent Registry Key

    Trojan.Dropper.BMC File

    Then Avira ran and found the following:

    Begin scan in 'C:\System Volume Information\_restore{ABEF2253-1D8C-4413-BF89-FE4AC567E6F6}\RP2023\A0228167.exe

    C:\System Volume Information\_restore{ABEF2253-1D8C-4413-BF89-FE4AC567E6F6}\RP2023\A0228167.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    Beginning disinfection:

    C:\System Volume Information\_restore{ABEF2253-1D8C-4413-BF89-FE4AC567E6F6}\RP2023\A0228167.exe

    [DETECTION] Is the TR/Trash.Gen Trojan

    [NOTE] The file was moved to the quarantine directory under the name '4df00cb0.qua'.

    *****************************************************************************************************************************************

    Anyway, I would love to post my Hijack this logs and have someone take a look and see what they see!

    Thanks

    TaxSleuth

  14. Thanks for unlocking this thread.

    Sorry. Was off vacationing and I am back. This laptop is still trying to make outbound connections to IPs in Latvia!

    Thank goodness Malwarebytes blocks these things.

    Here's a recent Malwarebytes log:

    11:29:56 IP-BLOCK 91.188.62.42 (Type: outgoing)

    11:29:58 IP-BLOCK 91.188.62.42 (Type: outgoing)

    11:30:02 IP-BLOCK 91.188.62.42 (Type: outgoing)

    17:48:14 IP-BLOCK 62.45.210.64 (Type: outgoing)

    17:48:16 IP-BLOCK 62.45.210.64 (Type: outgoing)

    17:48:20 IP-BLOCK 62.45.210.64 (Type: outgoing)

    PLEASE NOTE THAT THE "TASKSCHEDULER" from ProSeries is part of my accounting software.

    Here's the COMBOFIX log:

    ************************************

    ComboFix 11-08-13.02 - Computer User 08/15/2011 15:26:45.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.490 [GMT -4:00]

    Running from: c:\documents and settings\Computer User\Desktop\ComboFix.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Laptop User\GoToAssistDownloadHelper.exe

    c:\documents and settings\Guest new\gotomypc_540.exe

    c:\documents and settings\Computer User\g2mdlhlpx.exe

    c:\documents and settings\Computer User\My Documents\~WRL0862.tmp

    c:\documents and settings\Computer User\My Documents\~WRL1041.tmp

    c:\windows\mainms.vpi

    c:\windows\megavid.cdt

    c:\windows\muotr.so

    c:\windows\system\oeminfo.ini

    c:\windows\system32\drivers\icjelaahoqvk.sys

    c:\windows\system32\tmp.reg

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_icjelaahoqvk

    -------\Service_icjelaahoqvk

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))

    .

    .

    2011-08-13 05:35 . 2011-07-20 13:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CB8E56B9-AE81-43DF-80DD-61A3D80EDB17}\mpengine.dll

    2011-08-09 04:07 . 2011-07-20 13:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2011-08-09 04:06 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe

    2011-08-09 04:03 . 2011-08-09 04:03 -------- d-----w- c:\program files\Windows Defender

    2011-08-08 12:34 . 2011-08-08 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer

    2011-07-31 01:14 . 2011-07-31 01:14 -------- d-----w- c:\program files\Common Files\Java

    2011-07-25 16:25 . 2011-07-25 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

    2011-07-25 16:25 . 2011-07-25 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

    2011-07-21 02:43 . 2011-07-21 02:44 -------- d-----w- c:\documents and settings\Guest new\Local Settings\Application Data\Deployment

    2011-07-21 00:41 . 2011-07-21 00:41 -------- d-----w- c:\documents and settings\Computer User\Tracing

    2011-07-21 00:39 . 2011-05-12 21:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll

    2011-07-21 00:39 . 2011-05-12 21:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll

    2011-07-21 00:39 . 2011-07-21 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-08-06 14:08 . 2008-06-06 13:04 398760 ----a-r- c:\windows\system32\cpnprt2.cid

    2011-07-06 23:52 . 2009-05-17 16:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-07-06 23:52 . 2009-05-17 16:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-07-05 20:35 . 2011-07-05 20:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-05-09 19:55 . 2011-05-09 19:55 289592 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "TaskScheduler"="c:\prowin10\32bit\tasksch.exe" [2011-08-05 443448]

    "PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2011-02-22 1107456]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]

    "nwiz"="nwiz.exe" [2007-11-17 1626112]

    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]

    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]

    "iTunesHelper"="c:\program files\ITunes\iTunesHelper.exe" [2009-09-21 305440]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

    "HPMVTray"="c:\program files\Hewlett-Packard\HP Media Vault\Utilities\HPMVTray.exe" [2007-02-15 964248]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]

    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]

    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-11-13 1122304]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-08-12 114688]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

    "USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2005-07-23 188416]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

    .

    c:\documents and settings\Laptop User\Start Menu\Programs\Startup\

    Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoDevMgrUpdate"= 0 (0x0)

    .

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "NoDevMgrUpdate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2008-02-23 02:56 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\system32\wxvault.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Computer User^Start Menu^Programs^Startup^Bat - Auto Update.lnk]

    path=c:\documents and settings\Computer User\Start Menu\Programs\Startup\Bat - Auto Update.lnk

    backup=c:\windows\pss\Bat - Auto Update.lnkStartup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Computer User^Start Menu^Programs^Startup^Last.fm Helper.lnk]

    path=c:\documents and settings\Computer User\Start Menu\Programs\Startup\Last.fm Helper.lnk

    backup=c:\windows\pss\Last.fm Helper.lnkStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-05-27 18:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-05-14 20:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]

    2007-01-30 21:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJTWAIN Setup]

    2004-09-01 16:45 126976 ----a-w- c:\windows\twain_32\Fjscan32\FjtwSetup.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtLnSOP_setup]

    2005-01-06 08:16 212992 ----a-w- c:\windows\twain_32\Fjscan32\SOP\FtLnSOP.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

    2006-07-19 17:03 94208 ----a-w- c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2007-11-17 08:03 81920 ----a-w- c:\windows\system32\nvmctray.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

    2007-06-08 22:40 128560 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]

    2007-01-22 17:53 212992 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

    2007-05-10 15:22 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\stsystra.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]

    2009-04-29 09:45 614696 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "WMPNetworkSvc"=3 (0x3)

    "Netlogs"=2 (0x2)

    "MsSecurity1.209.4"=2 (0x2)

    "Bonjour Service"=2 (0x2)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\TightVNC\\WinVNC.exe"=

    "c:\\kav\\kav7\\setup.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Program Files\\ITunes\\iTunes.exe"=

    "c:\\Program Files\\Common Files\\InstallShield\\engine\\6\\Intel 32\\Ikernel.exe"=

    "c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVTray.exe"=

    "c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASSelector.exe"=

    "c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\NASDriveMapper.exe"=

    "c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPEZBkup.exe"=

    "c:\\Program Files\\Hewlett-Packard\\HP Media Vault\\Utilities\\HPMVCheck.exe"=

    "c:\\Program Files\\NewTech Infosystems\\NTI Shadow 3\\Shadow.exe"=

    "c:\\Program Files\\NewTech Infosystems\\NTI DriveBackup! 4\\CDDIB32.exe"=

    "c:\\Program Files\\NewTech Infosystems\\NTI DriveBackup! 4\\DIBExplor.exe"=

    "c:\\Program Files\\PrinterShare\\paConsole.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/25/2010 9:11 PM 691696]

    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/10/2008 3:23 PM 3712]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/17/2009 12:07 PM 366640]

    R2 SupportSpaceHelperService;SupportSpace platform helper service;c:\program files\SupportSpace\Support Platform\supportspace_tools.exe [1/20/2008 5:12 PM 308464]

    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]

    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]

    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 8:00 AM 5120]

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/17/2009 12:07 PM 22712]

    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]

    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]

    S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [10/24/2010 12:10 PM 114704]

    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [3/6/2008 9:09 AM 44928]

    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]

    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1007Core.job

    - c:\documents and settings\Computer User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-01 17:14]

    .

    2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1007UA.job

    - c:\documents and settings\Computer User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-01 17:14]

    .

    2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1009Core.job

    - c:\documents and settings\Guest new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 02:44]

    .

    2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963105436-2415782456-3906164000-1009UA.job

    - c:\documents and settings\Guest new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 02:44]

    .

    2011-08-15 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

    .

    2011-08-15 c:\windows\Tasks\User_Feed_Synchronization-{E3277B1A-2E11-4D47-B9FF-9A71E056957E}.job

    - c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

    LSP: c:\windows\system32\biolsp.dll

    Trusted Zone: elance.com\collab

    Trusted Zone: elance.com\secure

    Trusted Zone: elance.com\www

    Trusted Zone: godaddy.com\mya

    Trusted Zone: godaddy.com\www

    Trusted Zone: google.com\mail

    Trusted Zone: google.com\www

    Trusted Zone: gotomypc.com\www

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: mynutrikids.com\www

    Trusted Zone: naea.org\webboard

    Trusted Zone: verizonwireless.com\ebillpay

    TCP: DhcpNameServer = 8.8.8.8 4.2.2.2

    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

    DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB

    DPF: {08653405-44A9-4E99-9C09-DD00770AAA08} - hxxp://www.supportspace.com/rcp/6.0.633.5/SupportSpace_tools.dll

    DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab

    DPF: {9D27C3FA-6662-4D29-99FB-A58A405FD584} - hxxps://secureshare.prometric.com/COM/MOVEitUploadWizard4.0.0.ocx

    FF - ProfilePath - c:\documents and settings\Computer User\Application Data\Mozilla\Firefox\Profiles\sqyq2uvb.default\

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

    FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

    FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach

    FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Computer User\Application Data\Move Networks

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{76DD7730-2951-46D7-80E9-C63D52EE9470} - c:\windows\system32\mljjg.dll

    Notify-GoToMyPC - c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

    Notify-vtuurpp - (no file)

    MSConfigStartUp-8c7514ae - c:\windows\system32\ismjpymd.dll

    MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    MSConfigStartUp-BM8f462732 - c:\windows\system32\twfebqsi.dll

    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    MSConfigStartUp-hcfnbocl - c:\windows\system32\tktsfcdi.exe

    MSConfigStartUp-iTunesHelper - d:\program files\ITunes\iTunesHelper.exe

    MSConfigStartUp-monsrvset - c:\documents and settings\All Users\Application Data\Common\bwnwdujm.exe

    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

    MSConfigStartUp-webHancer Agent - c:\program files\webHancer\Programs\whagent.exe

    AddRemove-Videora iPod Converter - c:\program files\Red Kawa\Video Converter 3\uninstaller.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-08-15 15:47

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    TaskScheduler = c:\prowin10\32bit\tasksch.exe???????A?Ux????+.Tx????L???????:?Ux????????<??????????????NL??????N????n???????0?????Uxo???????$???,??4l???8?????C???????@????4l???l???X?????C??????yA?????d??4P?D?l??????4????D-C??????H@?@?C?????&???!???????@?C?????????????????@?C

    .

    scanning hidden files ...

    .

    .

    c:\windows\TEMP\TMP000000156E16CC4BE12E28B9 524288 bytes

    .

    scan completed successfully

    hidden files: 1

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(848)

    c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

    c:\windows\System32\BCMLogon.dll

    .

    - - - - - - - > 'lsass.exe'(904)

    c:\windows\system32\biolsp.dll

    .

    - - - - - - - > 'explorer.exe'(3228)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\biolsp.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\System32\bcmwltry.exe

    c:\windows\System32\SCardSvr.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\fxssvc.exe

    c:\windows\system32\msdtc.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\rundll32.exe

    c:\program files\Brother\ControlCenter3\brccMCtl.exe

    c:\program files\Apoint\HidFind.exe

    c:\program files\Apoint\Apntex.exe

    c:\program files\Brother\Brmfcmon\BrMfimon.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2011-08-15 15:55:03 - machine was rebooted

    ComboFix-quarantined-files.txt 2011-08-15 19:54

    ComboFix2.txt 2008-04-21 22:18

    .

    Pre-Run: 16,237,953,024 bytes free

    Post-Run: 16,976,412,672 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

    .

    - - End Of File - - FF6E976BC87BC963DE059501D16A21A4

    ************************************************************************

  15. I didn't bother to post that file because I recognize it. It has to do with my accounting software and it is a scheduler that automatically loads updates. I have turned it off.

    Today, when I walked into my office there was a message from Avira.

    BLOCKED: E:/autorun.in.Aug.8 was blocked from running.

    I cannot find this in any log file. "E" is a partition on my hard drive.

  16. No, it's not happening in safe mode. Also not happening every day, but I guess I don't think there should be any IP blocks unless they appear to be a false positive.

    16:52:23 XYZ & Company IP-BLOCK 208.73.210.29 (Type: outgoing)

    16:52:26 XYZ & Company IP-BLOCK 208.73.210.29 (Type: outgoing)

    16:52:32 XYZ & Company IP-BLOCK 208.73.210.29 (Type: outgoing)

    17:01:06 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:01:08 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:01:14 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:01:33 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:01:36 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:01:42 XYZ & Company IP-BLOCK 208.91.207.65 (Type: outgoing)

    17:20:36 XYZ & Company MESSAGE Protection started successfully

    17:21:55 XYZ & Company MESSAGE IP Protection started successfully

    17:24:58 XYZ & Company MESSAGE IP Protection stopped

    17:25:07 XYZ & Company MESSAGE Database updated successfully

    17:25:11 XYZ & Company MESSAGE IP Protection started successfully

    17:53:45 XYZ & Company MESSAGE Protection started successfully

    17:54:18 XYZ & Company MESSAGE IP Protection started successfully

    17:01:00 XYZ & Company IP-BLOCK 93.174.91.144 (Type: outgoing)

    17:01:03 XYZ & Company IP-BLOCK 93.174.91.144 (Type: outgoing)

    17:01:09 XYZ & Company IP-BLOCK 93.174.91.144 (Type: outgoing)

    19:39:59 XYZ & Company MESSAGE Protection started successfully

    19:40:33 XYZ & Company MESSAGE IP Protection started successfully

    19:51:53 XYZ & Company MESSAGE Protection started successfully

    19:52:15 XYZ & Company MESSAGE IP Protection started successfully

    20:05:09 XYZ & Company MESSAGE Protection started successfully

    20:05:36 XYZ & Company MESSAGE IP Protection started successfully

    21:04:36 XYZ & Company DETECTION C:\Documents and Settings\XYZ & Company\Local Settings\Temporary Internet Files\chpati_rs690amp69wxp.exe Trojan.Agent ALLOW

    21:20:20 XYZ & Company DETECTION C:\Documents and Settings\XYZ & Company\Local Settings\Temporary Internet Files\chpati_rs690amp69wxp.exe Trojan.Agent ALLOW

    21:59:19 XYZ & Company MESSAGE Protection started successfully

    21:59:26 XYZ & Company MESSAGE IP Protection started successfully

    22:52:09 XYZ & Company MESSAGE Protection started successfully

    22:52:16 XYZ & Company MESSAGE IP Protection started successfully

    23:16:52 XYZ & Company MESSAGE Protection started successfully

    07:40:24 XYZ & Company IP-BLOCK 46.17.96.229 (Type: outgoing)

    07:40:36 XYZ & Company IP-BLOCK 46.17.96.229 (Type: outgoing)

    07:40:49 XYZ & Company IP-BLOCK 193.169.40.29 (Type: outgoing)

    07:40:52 XYZ & Company IP-BLOCK 193.169.40.29 (Type: outgoing)

    07:40:58 XYZ & Company IP-BLOCK 193.169.40.29 (Type: outgoing)

    12:53:40 XYZ & Company IP-BLOCK 193.169.40.29 (Type: outgoing)

    12:53:45 XYZ & Company IP-BLOCK 46.17.96.229 (Type: outgoing)

    12:53:48 XYZ & Company IP-BLOCK 46.17.96.229 (Type: outgoing)

    23:17:03 XYZ & Company MESSAGE IP Protection started successfully

  17. I hate these darn outbound IP things.

    Anyway, here are the data dumps. Help me, Obi-Wan.

    When I ran this, nothing else was running. (That I knew of...)

    ***********************************************************************************************************************************

    .

    DDS (Ver_11-05-19.01) - NTFSx86

    Internet Explorer: 7.0.5730.13

    Run by XXXX at 17:56:31 on 2011-05-22

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1364 [GMT -4:00]

    .

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

    C:\Program Files\Citrix\GoToMyPC\g2svc.exe

    C:\Program Files\Citrix\GoToMyPC\g2comm.exe

    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Citrix\GoToMyPC\g2pre.exe

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files\Citrix\GoToMyPC\g2tray.exe

    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files\Secunia\PSI\PSIA.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\fxssvc.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\NewTech Infosystems\NTI Shadow 3\Shadow.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\ProWin10\32bit\tasksch.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Affixa\AffixaTray.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Program Files\Secunia\PSI\psi_tray.exe

    C:\Documents and Settings\XXXX\Desktop\dds.scr

    C:\WINDOWS\system32\WSCRIPT.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = hxxp://www.google.com/

    mStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

    BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

    TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File

    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

    uRun: [shadow] c:\program files\newtech infosystems\nti shadow 3\Shadow.exe --minimize

    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1

    uRun: [TaskScheduler] c:\prowin10\32bit\tasksch.exe

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Affixa] c:\program files\affixa\AffixaTray.exe

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

    Trusted Zone: cumberlandcounty.org

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: mainelandrecords.com\www

    Trusted Zone: refund-advantage.com\www

    DPF: Microsoft XML Parser for Java

    DPF: Web-Based Email Tools - hxxp://email03.secureserver.net/Download.CAB

    DPF: {009F119F-8723-11D3-8791-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/RSFormsTV.cab

    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://inotes.adrus.com/dwa85W.cab

    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.refund-advantage.com/pcheck103010/smsx.cab

    DPF: {187728C3-71FD-11D3-878E-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/Dll/RSFCalc.cab

    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E}

    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

    DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://ccllcnc.com/Remote/msrdp.cab

    DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}

    DPF: {99140A4E-88C5-11D3-8793-00A0C9EF9624} - hxxps://eformrs.com/FormOpen/RSFormsDP.cab

    DPF: {9D27C3FA-6662-4D29-99FB-A58A405FD584} - hxxps://secureshare.prometric.com/COM/MOVEitUploadWizard4.0.0.ocx

    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    DPF: {DC4B2445-4A2C-46FF-BAAE-C0FBB45D866D} - hxxps://www.laserapp.com/dev/detect/lavdetect.ocx

    DPF: {DE1319F8-DE5B-42EB-9407-4067FB8A09FD} - hxxp://wkforms.com/BuildRelease/wkforms/perform%20plus%20III/release/install.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuit.webex.com/client/T27LC/webex/ieatgpc.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: {CF2F86EA-5FC2-499A-BBD0-24EFF03A193F} = 4.2.2.2,8.8.8.8

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-28 363344]

    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-1-22 45824]

    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]

    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-28 20952]

    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2010-1-22 56960]

    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]

    S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-1-20 81920]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-4 136176]

    S2 mrtRate;mrtRate; [x]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-22 1691480]

    S3 cpuz132;cpuz132;\??\c:\docume~1\instal~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\instal~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\markha~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2011-5-1 70144]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-4 136176]

    S3 Intuit Fuse Service;Intuit Fuse Service;c:\program files\common files\intuit\fuse\service\Intuit Fuse Service.exe [2006-12-16 72704]

    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-3-13 4736]

    S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-3-13 8960]

    S3 PortAcc;Spearit Port Access;\??\c:\program files\laplink\pcmover\portacc.sys --> c:\program files\laplink\pcmover\PortAcc.sys [?]

    S3 SIWIO;SIWIO;\??\c:\windows\temp\siwio.sys --> c:\windows\temp\SiwIo.sys [?]

    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

    .

    =============== Created Last 30 ================

    .

    2011-05-18 19:04:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-05-12 17:14:37 1115008 ----a-w- c:\windows\system32\ativvamv.dll

    2011-05-12 03:33:19 -------- d-----w- c:\program files\AMD APP

    2011-05-12 01:32:25 593920 ------w- c:\windows\system32\ati2sgag.exe

    2011-05-12 01:19:05 -------- d-----w- c:\program files\Unibrain

    2011-05-11 14:33:43 -------- d-----w- c:\documents and settings\markham & company\application data\Softland

    2011-05-11 14:33:12 26960 ----a-w- c:\windows\system32\novamnv7.dll

    2011-05-11 14:33:12 21328 ----a-w- c:\windows\system32\novamiv7.dll

    2011-05-11 14:32:56 -------- d-----w- c:\documents and settings\markham & company\local settings\application data\PDF Annotator

    2011-05-11 14:32:37 -------- d-----w- c:\program files\PDF Annotator

    2011-05-09 15:49:50 72080 ----a-w- c:\documents and settings\markham & company\g2mdlhlpx.exe

    2011-05-03 16:53:14 -------- d-----w- c:\documents and settings\markham & company\application data\Mapi2Xml

    2011-05-03 16:53:04 -------- d-----w- c:\documents and settings\markham & company\application data\Affixa

    2011-05-03 16:16:03 -------- d-----w- c:\program files\Affixa

    2011-05-03 15:59:40 -------- d-----w- c:\program files\RefundAdvantage2010

    2011-05-03 15:59:40 -------- d-----w- c:\program files\Refund Advantage 2010

    2011-05-03 15:59:39 -------- d-----w- c:\program files\RA0708

    2011-05-02 12:56:29 -------- d-----w- c:\documents and settings\markham & company\local settings\application data\Secunia PSI

    2011-05-02 12:56:17 -------- d-----w- c:\program files\Secunia

    2011-05-01 21:11:07 -------- d-----w- c:\documents and settings\markham & company\application data\f-secure

    2011-05-01 21:10:37 -------- d-----w- c:\documents and settings\all users\application data\F-Secure

    2011-05-01 18:22:28 -------- d-----w- C:\Rbackup

    2011-05-01 15:32:59 -------- d-----w- c:\program files\ESET

    2011-05-01 03:09:16 -------- d-sha-r- C:\cmdcons

    2011-05-01 00:38:25 98816 ----a-w- c:\windows\sed.exe

    2011-05-01 00:38:25 89088 ----a-w- c:\windows\MBR.exe

    2011-05-01 00:38:25 256512 ----a-w- c:\windows\PEV.exe

    2011-05-01 00:38:25 161792 ----a-w- c:\windows\SWREG.exe

    2011-04-30 15:29:25 -------- d-----w- c:\windows\system32\wbem\repository\FS

    2011-04-30 15:29:25 -------- d-----w- c:\windows\system32\wbem\Repository

    2011-04-28 22:10:58 -------- d-----w- c:\program files\Avira

    2011-04-28 22:10:58 -------- d-----w- c:\documents and settings\all users\application data\Avira

    .

    ==================== Find3M ====================

    .

    2011-05-12 02:57:24 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

    2011-04-22 23:08:16 398760 ----a-r- c:\windows\system32\cpnprt2.cid

    2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

    2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll

    2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll

    2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll

    2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll

    2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll

    2011-04-20 02:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll

    2011-04-20 02:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll

    2011-04-20 02:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll

    2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll

    2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll

    2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll

    2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll

    2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll

    2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll

    2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

    2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll

    2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll

    2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe

    2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

    2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe

    2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll

    2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll

    2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll

    2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll

    2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll

    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll

    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll

    2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-03-18 18:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx

    .

    ============= FINISH: 17:57:32.15 ===============

    Attach.txt

  18. Actually, it looks like I was able to manually generate a log.txt by moving to step four.

    Here it is. Actually, if it's part of the PCMover software, then it's OK.

    ************************************************************************************************************

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

    # OnlineScanner.ocx=1.0.0.6427

    # api_version=3.0.2

    # EOSSerial=0c54e853784de247bf4126cbb5453eac

    # end=finished

    # remove_checked=false

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2011-05-01 07:12:15

    # local_time=2011-05-01 03:12:15 (-0500, Eastern Daylight Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 2

    # compatibility_mode=1026 16777214 0 2 51090314 51090314 0 0

    # compatibility_mode=1536 16777215 100 0 7250420 7250420 0 0

    # compatibility_mode=1797 16774142 0 6 0 35812416 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=171101

    # found=3

    # cleaned=0

    # scan_time=9533

    C:\Documents and Settings\Markham & Company\Local Settings\Application Data\Downloaded Installations\{8DFD5BB4-544D-446C-AA81-578300727545}\PCmover.msi a variant of Win32/PSWTool.PWDump.A application (unable to clean) 00000000000000000000000000000000 I

    C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application (unable to clean) 00000000000000000000000000000000 I

    ${Memory} a variant of Win32/PerfectUninstaller application 00000000000000000000000000000000 I

    ****************************************************************************************************************************
