Showing results for tags 'Chrome'.

  1. I was infected with StartNow in Chrome. I removed the extension, startup page and uninstalled the toolbar. I ran AVG, Spybot and Malwarebytes. It appears to be gone, but that seemed too easy. If someone could review this log and let me know if there are still potential threats from that or anything else I'd appreciate it. Thanks!
     Logfile of Trend Micro HijackThis v2.0.4. Scan saved at 12:37:23 PM, on 10/6/2012. Platform: Windows 7 SP1 (WinNT 6.00.3505). MSIE: Internet Explorer v9.00 (9.00.8112.16450). Boot mode: Normal.
  2. I am not exactly sure where to put this since it could be a legitimate infection or a false positive. Microsoft Security Essentials active protection has been flagging chromeupdate.crx as a variant of the Medfos.B trojan. When I scan that file with SE, Malwarebytes, and ESET, nothing comes up, only in SE active protection. I have done a full system scan using all three AVs listed above, nothing. I have since uninstalled Microsoft SE and installed a trial of Nod32. Nod32 active protection does not flag this file as an issue, nor does a system scan come up with anything. Here is a list of suspicious files:
     C:\Users\Chris\AppData\Local\Google\Chrome\Application\22.0.1229.79\Extensions\chromeupdate.crx
     *\cdjbnddbclciabnckgeahmneohjlahdm.json
     C:\Users\Chris\AppData\Local\chromeupdate.crx
     The .json file was never flagged, but its registry key points to chromeupdate.crx. None of these files are on my other computers that have Chrome installed. Uninstalling and reinstalling Google Chrome does not change anything. No other symptoms of an infection other than the flagged file. Lastly, in the Google Chrome browser extensions list there is an extension that is called GoogleChromeUpdater that I am 99% certain is not legitimate. This last bit is what convinced me that this is not a false positive, but in fact an infection that is evading major AV programs. Attached is a screenshot of the Google Chrome Extensions. Any help is appreciated. Thank you.
  3. How-to requested for removal of WhiteSmoke toolbar. Vista 32-bit. Chrome browser. Layman's terms, please.
  4. Running Windows XP Home Edition, I have IE, Firefox, and Chrome. Starting yesterday, I cannot log on using Chrome. (IE and Firefox are OK.) After a while the msg says "application not responding". I googled for a solution to no avail. Removed and re-installed the latest Chrome. Same problem. Ran Malwarebytes, no malware found. Please help. Planoguy
     DDS (Ver_2011-08-26.01) - NTFSx86. Internet Explorer: 8.0.6001.18702. BrowserJavaVersion: 1.6.0_29. Run by Frank Liu at 8:09:54 on 2012-08-23. Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.1471.716 [GMT -5:00].
17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2010-07-14 15:56:00 417944 ----a-w- c:\program files\common files\ZugoInstaller.exe 2010-05-09 05:14:38 5387 ----a-w- c:\program files\apply.cmd 2010-04-24 04:33:58 911800 ----a-w- c:\program files\amtlib.dll . ============= FINISH: 8:10:31.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 2009/11/15 1:13:34 PM System Uptime: 2012/8/23 7:52:28 AM (1 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7119 Processor: AMD Sempron 3000+ | Socket A | 1991/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 95.06 GiB free. D: is CDROM () E: is FIXED (NTFS) - 186 GiB total, 62.031 GiB free. F: is FIXED (NTFS) - 186 GiB total, 91.883 GiB free. J: is FIXED (NTFS) - 932 GiB total, 673.123 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
==== Installed Programs ====================== . . ==== Event Viewer Messages From Past Week ======== . 2012/8/22 5:52:07 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer. 2012/8/19 9:01:04 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELLFROMYC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28982DB9-15B5-4F6. The master browser is stopping or an election is being forced. 
2012/8/19 7:14:24 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is DELLFROMYC. 2012/8/19 6:53:44 PM, error: NetBT [4321] - The name "CHAPTER 8 :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine. 2012/8/18 11:15:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Nero BackItUp Scheduler 4.0 with arguments "-Service" in order to run the server: {35212119-C615-4CD0-8DA5-7D7F19FBA1B8} . ==== End Of File ===========================
  5. Merged 2 post XP.SP3-Home desktop PC. While using Chrome, the initial issues appeared during a download (unexpected bundled product, seems to be Babylon toolbar). Impacted Chrome, where initially the icon changed. While attempting to 'fix', each effort seemed to spawn additional problems. At first I only noticed browser redirects to the Babylon search. Then things got worse. Ran Avast and MB. PC hung up/stalled, then logged me out and required a "User" login. I do not have a Guest account set up so it appeared the malware was intercepting my privileges and password. It also forced an Admin password to access the secure wireless network. After running above, the PC seemed to retract more & more Admin privileges from me. Sys32 or Temp files "not accessible", etc. When I run GMER in normal mode, the full scan runs. But when I click Save, the computer reboots. Running GMER again in safe mode (not complete as of this post) I have MB, OT, DDS, aswMBR outputs. If you prefer another scan type, please advise and I will post here. My 2nd device, Win7 laptop, is in SafeMode as it seems to have inherited this issue through the wireless network. As I need the laptop to access internet, let's fix the XP first. Thanks in advance for your expert guidance here. 070512|Midnight: Updating ticket w DDS details. Of note, I tried GMER in Safe Mode; it ran to completion but when I hit Copy or Save, the #*$&*$ gave errors indicating insufficient space, no access to blah blah blah. Although I have backups of data & some programs, I am certain it is incomplete. I hesitate to put the NAS back on the network in case it gets hit with this problem. Your early assistance is welcomed!! ~chaosmastered __________________________________________________ . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27 Run by user at 9:51:25 on 2012-07-04 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1099 [GMT -5:00] . 
  6. Hi everyone. I recently downloaded a sketchy torrent, and along with that torrent came a file called "Online Media File" or something. Instead of what I wanted to download, it downloaded something like "Free ride games" and "Fun moods" and "Giant savings". I really didn't want these files, but along came the browser called "babylon". This is the part I hate most. Every time I access Google Chrome (my main browser), it goes up as babylon. I think I've deleted all the other malicious games, but babylon is still there. I'm not sure if System Restore will do the trick, and I've tried almost EVERY tactic there is on forums. None worked. So I'm counting on the experts and geniuses of MalwareBytes to solve this problem to the best of their abilities. Also, I'm really not that good with computer terms, so I need a patient guide who will bear with me. I really appreciate whoever can help me, especially those who've had this problem. Best of luck to both of us. -Regards, Terry.
  7. I hope I didn't mess up this computer too much!!! I'd be happy to turn off Avast, Symantec and Kaspersky and run a program which will help, hint hint. When I 'disable' Kaspersky for '1 hour' for a minute, I am given a warning sometimes 480 connections will be closed. After running a series of deep scans, boot scans, etc., and resetting my TCP values to Windows defaults using TCP optimizer, I am sometimes able to take control of my computer and get online. Searching for real answers brings me here: Please help if you can, please and thanks!!!! I think I found the set of virii which attacked Toledo Police.... . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Richard at 23:02:31 on 2012-02-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1649 [GMT -8:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . 
FF - ProfilePath - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\rg46nemv.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll . ---- FIREFOX POLICIES ---- . FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=adknlg&q= FF - user.js: extensions.funmoods_i.id - 1e4d892f00000000000016de2bee20bf FF - user.js: extensions.funmoods_i.instlDay - 15388 FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:20:59 FF - user.js: extensions.funmoods_i.prtnrId - funmoods FF - user.js: extensions.funmoods_i.prdct - funmoods FF - user.js: extensions.funmoods_i.aflt - adknlg FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods_i.tlbrId - base FF - user.js: extensions.funmoods_i.instlRef - FF - user.js: extensions.funmoods_i.dfltLng - FF - user.js: extensions.funmoods_i.excTlbr - false . ============= SERVICES / DRIVERS =============== . 
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?] R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?] R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS [?] R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240] R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?] R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\windows\system32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys --> C:\windows\system32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys [?] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys --> C:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120225.004\IDSviA64.sys [2012-2-28 488568] R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?] R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS [?] 
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS --> C:\windows\system32\Drivers\NAVx64\1305000.091\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-24 44768] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296] R2 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-MappedDrive.exe [2011-5-13 118968] R2 iprip;RIP Listener;C:\windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992] R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.0.12\ccSvcHst.exe [2012-2-28 138232] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe [2012-2-27 138248] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-26 2656280] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?] 
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-26 138360] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 vm2uvcflt;Vimicro USB Camera Filter 2;C:\windows\system32\Drivers\vm2uvcflt.sys --> C:\windows\system32\Drivers\vm2uvcflt.sys [?] R3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-26 13592] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856] S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] S3 ElephantDrive-Service.exe;ElephantDrive-Service;C:\Program Files (x86)\ElephantDrive\ElephantDrive Desktop\ElephantDesktop-Service.exe [2011-5-13 118456] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-26 136176] S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-11-26 332272] S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\windows\system32\Drivers\PCAMp50a64.sys --> C:\windows\system32\Drivers\PCAMp50a64.sys [?] S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\windows\system32\Drivers\PCASp50a64.sys --> C:\windows\system32\Drivers\PCASp50a64.sys [?] 
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S3 SWDUMon;SWDUMon;C:\windows\system32\DRIVERS\SWDUMon.sys --> C:\windows\system32\DRIVERS\SWDUMon.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;C:\Program Files (x86)\Webcam\Webcam123\dogsvc.exe [2007-12-5 189440] S3 WefiEngSvc;WeFi Engine Service;C:\Program Files (x86)\WeFi\WefiEngSvc.exe [2010-11-3 120152] S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-02-29 07:03:05 218232 ----a-r- C:\windows\System32\drivers\NSMx64\0203000.011\symrdrs.sys 2012-02-29 07:03:04 -------- d-----w- C:\windows\System32\drivers\NSMx64\0203000.011 2012-02-29 07:03:04 -------- d-----w- C:\windows\System32\drivers\NSMx64 2012-02-29 07:03:01 167048 ----a-r- C:\windows\System32\drivers\NOFx64\0203000.007\ccSetx64.sys 2012-02-29 07:03:00 -------- d-----w- C:\windows\System32\drivers\NOFx64\0203000.007 2012-02-29 07:03:00 -------- d-----w- C:\windows\System32\drivers\NOFx64 2012-02-29 06:56:11 167048 ----a-r- C:\windows\System32\drivers\MCLIENTx64\0201000.00C\ccSetx64.sys 2012-02-29 06:56:09 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64\0201000.00C 2012-02-29 06:56:09 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64 2012-02-29 06:56:09 -------- d-----w- C:\Program Files (x86)\Norton Management 2012-02-28 05:11:05 738936 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\srtsp64.sys 2012-02-28 05:11:05 451192 ----a-r- C:\windows\System32\drivers\NAVx64\1305000.091\symds64.sys 2012-02-28 05:11:05 405624 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\symnets.sys 2012-02-28 05:11:05 37496 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\srtspx64.sys 2012-02-28 05:11:05 190072 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\ironx64.sys 2012-02-28 05:11:05 167048 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\ccsetx64.sys 2012-02-28 05:11:05 1092728 ----a-w- C:\windows\System32\drivers\NAVx64\1305000.091\symefa64.sys 2012-02-28 05:10:51 -------- d-----w- C:\windows\System32\drivers\NAVx64\1305000.091 2012-02-26 17:14:51 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS 2012-02-26 17:14:51 -------- d-----w- C:\Program Files\Symantec 2012-02-26 17:14:51 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2012-02-26 17:14:13 -------- d-----w- C:\windows\System32\drivers\NAVx64 2012-02-26 17:14:10 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus 2012-02-26 
13:28:06 -------- d-----w- C:\ProgramData\Vocaboly 2012-02-26 13:27:56 626688 ----a-w- C:\windows\SysWow64\msvcr80.dll 2012-02-26 13:27:56 548864 ----a-w- C:\windows\SysWow64\msvcp80.dll 2012-02-26 13:27:56 1093632 ----a-w- C:\windows\SysWow64\mfc80.dll 2012-02-26 06:46:22 77312 ----a-w- C:\windows\SysWow64\ztvunace26.dll 2012-02-26 06:46:22 75264 ----a-w- C:\windows\SysWow64\unacev2.dll 2012-02-26 06:46:22 69632 ----a-w- C:\windows\SysWow64\ztvcabinet.dll 2012-02-26 06:46:22 162304 ----a-w- C:\windows\SysWow64\ztvunrar36.dll 2012-02-26 06:46:22 153088 ----a-w- C:\windows\SysWow64\UNRAR3.dll 2012-02-24 14:46:17 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E63701F-F31C-489B-BF90-79B0EE9372FD}\mpengine.dll 2012-02-24 13:44:35 53080 ----a-w- C:\windows\System32\drivers\aswRdr2.sys 2012-02-24 13:44:32 817496 ----a-w- C:\windows\System32\drivers\aswSnx.sys 2012-02-24 13:44:32 69976 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2012-02-24 13:44:03 41184 ----a-w- C:\windows\avastSS.scr 2012-02-24 13:41:12 -------- d-----w- C:\ProgramData\AVAST Software 2012-02-24 13:41:12 -------- d-----w- C:\Program Files\AVAST Software 2012-02-23 08:10:48 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-02-23 08:10:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2012-02-21 18:15:03 -------- d-----w- C:\Users\Richard\AppData\Roaming\GlarySoft 2012-02-21 06:38:12 199168 ------w- C:\windows\SysWow64\actskin4ku.ocx 2012-02-21 06:38:10 67632 ------w- C:\windows\SysWow64\mswinsckku.ocx 2012-02-21 06:38:10 11264 ------w- C:\windows\SysWow64\browser.ocx 2012-02-21 06:38:07 -------- d-----w- C:\Program Files (x86)\Super Speed Internet 2012-02-21 06:37:38 -------- d-----w- C:\Program Files (x86)\Common Files\SY Company 2012-02-21 06:37:22 -------- d-----w- C:\temp 2012-02-21 06:32:46 -------- d-----w- C:\Program Files (x86)\Badosoft 2012-02-21 05:55:20 -------- d-----w- C:\Program Files (x86)\SySpeed 2012-02-21 04:05:24 557848 ----a-w- 
C:\windows\System32\drivers\iaStor.sys 2012-02-20 15:54:28 -------- d-----w- C:\Users\Richard\AppData\Roaming\Simply Super Software 2012-02-20 15:54:28 -------- d-----w- C:\ProgramData\Simply Super Software 2012-02-20 15:54:28 -------- d-----w- C:\Program Files (x86)\Trojan Remover 2012-02-20 15:22:18 -------- d-----w- C:\Program Files (x86)\CheckPoint 2012-02-20 14:40:43 -------- d-----w- C:\Users\Richard\AppData\Local\CrashDumps 2012-02-20 03:01:25 -------- d-----w- C:\AutoMacroRecorder 2012-02-20 00:29:33 -------- d-----r- C:\Program Files (x86)\Skype 2012-02-19 23:30:03 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared 2012-02-19 22:35:08 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2012-02-19 22:17:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\SpeedMaxPc 2012-02-19 22:17:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\DriverCure 2012-02-19 22:17:16 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc 2012-02-19 22:17:15 -------- d-----w- C:\ProgramData\SpeedMaxPc 2012-02-19 22:17:15 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc 2012-02-19 13:37:48 -------- d-----w- C:\c 2012-02-19 04:48:31 -------- d-----w- C:\rei 2012-02-19 04:48:23 -------- d-----w- C:\Program Files\Reimage 2012-02-19 04:48:15 -------- d-----w- C:\Program Files (x86)\ReImageCompanion 2012-02-19 04:28:15 -------- d-----w- C:\Users\Richard\AppData\Roaming\Malwarebytes 2012-02-19 04:01:11 -------- d--h--w- C:\ProgramData\Common Files 2012-02-19 03:56:35 -------- d-----w- C:\ProgramData\MFAData 2012-02-18 14:42:53 28672 ----a-w- C:\windows\SysWow64\vbWebDownload.dll 2012-02-18 14:42:53 1081616 ----a-w- C:\windows\SysWow64\mscomctl.ocx 2012-02-18 14:42:52 -------- d-----w- C:\Program Files (x86)\Wireless Wizard 2012-02-18 14:01:31 -------- d-----w- C:\ProgramData\WeFi 2012-02-18 14:00:13 -------- d-----w- C:\Program Files (x86)\WeFi 2012-02-18 13:14:15 -------- d-----w- C:\Program Files (x86)\NirSoft 2012-02-18 05:55:49 -------- 
d-----w- C:\Program Files (x86)\Ask.com 2012-02-18 05:55:43 -------- d-----w- C:\Users\Richard\AppData\Local\APN 2012-02-18 05:46:31 -------- d-----w- C:\Program Files (x86)\Common Files\System-G 2012-02-18 05:46:29 -------- d-----w- C:\Program Files (x86)\Connection Keeper 2012-02-18 05:22:45 -------- d-----w- C:\Users\Richard\AppData\Local\DownloadManager 2012-02-18 05:22:43 -------- d-----w- C:\Program Files (x86)\Download Manager 2012-02-17 18:19:31 56496 ----a-w- C:\windows\SysWow64\wbhelp2.dll 2012-02-17 18:19:31 544768 ----a-w- C:\windows\SysWow64\wbocx.ocx 2012-02-17 18:19:31 4608 ----a-w- C:\windows\SysWow64\W95INF32.DLL 2012-02-17 18:19:31 33968 ----a-w- C:\windows\SysWow64\anim.dll 2012-02-17 18:19:31 258352 ----a-w- C:\windows\SysWow64\unicows.dll 2012-02-17 18:19:31 2272 ----a-w- C:\windows\SysWow64\W95INF16.DLL 2012-02-17 18:19:31 1706800 ----a-w- C:\windows\SysWow64\gdiplus.dll 2012-02-17 18:19:30 -------- d-----w- C:\Program Files (x86)\WinUtilities 2012-02-17 17:03:47 -------- d-----w- C:\Program Files (x86)\Glary Utilities 2012-02-17 05:23:27 -------- d-----w- C:\Users\Richard\AppData\Local\KSafe 2012-02-16 16:36:00 -------- d--h--w- C:\SafeRecycle 2012-02-16 16:32:54 -------- d-----w- C:\Users\Richard\AppData\Roaming\kingsoft 2012-02-16 16:28:16 -------- d-sh--w- C:\KRSHistory 2012-02-16 16:27:46 -------- d-sh--w- C:\ProgramData\KRSHistory 2012-02-16 16:27:46 -------- d-----w- C:\ProgramData\Safe 2012-02-16 16:26:46 -------- d-----w- C:\ProgramData\kingsoft 2012-02-16 16:26:31 -------- d-----w- C:\Program Files (x86)\Kingsoft 2012-02-16 04:38:05 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-02-16 04:38:05 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll 2012-02-16 04:29:26 515584 ----a-w- C:\windows\System32\timedate.cpl 2012-02-16 04:29:26 478720 ----a-w- C:\windows\SysWow64\timedate.cpl 2012-02-16 04:05:45 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-02-16 02:07:58 498688 ----a-w- C:\windows\System32\drivers\afd.sys 2012-02-16 
02:07:36 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll 2012-02-16 02:07:36 634880 ----a-w- C:\windows\System32\msvcrt.dll 2012-02-15 22:30:09 -------- d-----w- C:\ProgramData\richardy Lab 2012-02-14 15:56:49 -------- d-----w- C:\Users\Richard\AppData\Local\{B87FEE52-0B37-44C7-B7BF-03FD22D334AE} 2012-02-14 03:38:44 -------- d-----w- C:\Users\Richard\files_files 2012-02-11 05:48:40 -------- d-----w- C:\Users\Richard\ftp 2012-02-11 04:15:14 -------- d-----w- C:\Users\Richard\AppData\Local\I Want This 2012-02-11 04:15:13 -------- d-----w- C:\Program Files (x86)\I Want This 2012-02-11 03:41:37 -------- d-----w- C:\Users\Richard\AppData\Roaming\ooVoo Details 2012-02-09 19:21:46 -------- d-----w- C:\Users\Richard\AppData\Local\jZip 2012-02-09 19:20:29 -------- d-----w- C:\Program Files (x86)\jZip 2012-02-09 16:12:06 -------- d-----w- C:\Users\Richard\AppData\Local\Microsoft Help 2012-02-09 14:13:37 -------- d-----w- C:\Users\Richard\AppData\Roaming\FinalTorrent 2012-02-09 14:12:24 -------- d-----w- C:\Program Files (x86)\FinalTorrent 2012-02-09 05:21:42 -------- d-----w- C:\Users\Richard\AppData\Local\DeskShare Data 2012-02-09 05:21:40 -------- d-----w- C:\ProgramData\firebird 2012-02-09 05:21:34 -------- d-----w- C:\Users\Richard\AppData\Local\Spoon 2012-02-09 05:21:31 -------- d-----w- C:\Program Files (x86)\Deskshare 2012-02-09 05:19:10 -------- d-----w- C:\Program Files (x86)\Microsoft 2012-02-08 01:50:15 -------- d-----w- C:\Fraps 2012-02-06 14:19:31 -------- d-----w- C:\Users\Richard\AppData\Roaming\qualys 2012-02-01 17:47:57 -------- d-----w- C:\Users\Richard\AppData\Local\MediaServer 2012-02-01 17:47:55 -------- d-----w- C:\ProgramData\PDVD 2012-02-01 17:44:59 -------- d-----w- C:\ProgramData\install_clap 2012-01-31 19:44:06 -------- d-----w- C:\Program Files (x86)\DictionaryBoss 2012-01-31 06:05:20 -------- d-s---w- C:\windows\SysWow64\Microsoft 2012-01-30 16:15:21 -------- d-----w- C:\windows\SysWow64\BestPractices 2012-01-30 16:15:18 -------- d-----w- 
C:\windows\System32\BestPractices 2012-01-30 16:15:17 -------- d-----w- C:\inetpub 2012-01-30 16:07:22 0 ---ha-w- C:\Users\Richard\AppData\Local\BITCA62.tmp . ==================== Find3M ==================== . 2012-02-21 05:52:13 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-20 02:24:00 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-01-29 13:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-01-27 02:45:08 15672 ----a-w- C:\windows\System32\drivers\SWDUMon.sys 2012-01-19 03:11:11 0 ----a-w- C:\windows\SysWow64\sho3894.tmp 2012-01-13 06:58:07 0 ----a-w- C:\windows\SysWow64\sho478F.tmp 2012-01-12 23:01:55 0 ----a-w- C:\windows\SysWow64\sho55DC.tmp 2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll 2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll 2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll 2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb . ============= FINISH: 23:03:46.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/6/2012 2:02:14 PM System Uptime: 2/28/2012 7:05:11 PM (4 hours ago) . Motherboard: LENOVO | | Base Board Product Name Processor: Intel® Pentium® CPU B960 @ 2.20GHz | CPU1 | 2200/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 422 GiB total, 365.584 GiB free. D: is FIXED (NTFS) - 29 GiB total, 26.818 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP92: 2/24/2012 5:40:55 AM - avast! 
Free Antivirus Setup RP93: 2/24/2012 5:43:44 AM - avast! Free Antivirus Setup RP94: 2/24/2012 1:56:37 PM - Windows Update RP95: 2/24/2012 7:44:49 PM - Installed TuneUp Utilities 2012 RP96: 2/24/2012 8:43:14 PM - Removed TuneUp Utilities 2012 RP97: 2/24/2012 8:43:46 PM - Removed TuneUp Utilities Language Pack (en-US) RP98: 2/25/2012 8:10:22 PM - Restore Operation RP99: 2/26/2012 7:00:52 PM - Windows Backup RP100: 2/27/2012 1:28:08 PM - OTL Restore Point - 2/27/2012 1:28:05 PM RP101: 2/27/2012 1:28:39 PM - OTL Restore Point - 2/27/2012 1:28:39 PM RP102: 2/28/2012 5:44:13 PM - Restore Operation . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Ask Toolbar Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver avast! Free Antivirus Connection Keeper Connection Monitor Connectivity Fixer Download Manager DriverUpdate ElephantDrive Desktop Energy Management Glary Utilities 2.42.0.1389 Google Chrome Google Update Helper InstallIQ Updater Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Itibiti RTC Java Auto Updater Java 6 Update 31 Junk Mail filter update Kaspersky Anti-Virus 2012 Knctr Lenovo Driver Download Manager Lenovo EasyCamera Lenovo Games Console Lenovo OneKey Recovery Lenovo YouCam Mesh Runtime Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 en-US) Mozilla Thunderbird 10.0.2 (x86 en-US) MSRedx64 MSVCRT MSVCRT_amd64 NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111 NirSoft WirelessNetView Norton AntiVirus Norton Management Norton Online Norton Safety Minder ooVoo ooVoo toolbar, 
powered by Ask.com Updater Pando Media Booster Power Tab Editor 1.7 Power2Go Realtek USB 2.0 Reader Driver ReImageCompanion Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) SendSpace Wizard Skype™ 5.8 Star Trek Online Super Speed Internet & Browser Assistant SySpeed TransferBigFiles Desktop Client Trojan Remover 6.8.2 TuneUp Utilities Language Pack (en-US) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) UserGuide Webcam 1-2-3 WeFi 4.0.1.0 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series WinUtilities 10.41 Professional Edition Wireless Wizard ver 5.2 . ==== Event Viewer Messages From Past Week ======== . 2/28/2012 7:09:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service. 2/28/2012 7:09:34 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
2/28/2012 7:09:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 2/28/2012 7:08:07 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). 2/28/2012 7:05:44 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. 2/28/2012 5:54:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect. 2/28/2012 5:54:35 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 2/28/2012 5:54:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007041d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 2/28/2012 5:44:46 PM, Error: Service Control Manager [7034] - The ElephantDrive-MappedDrive service terminated unexpectedly. It has done this 1 time(s). 2/27/2012 9:51:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/27/2012 9:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 2/27/2012 9:51:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 2/27/2012 9:51:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/27/2012 9:51:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/27/2012 9:40:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:40:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/27/2012 9:36:08 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JOSE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{73B8F4AE-6469-4024-9029-8469BCCB146F}. The master browser is stopping or an election is being forced.
2/27/2012 6:17:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
2/27/2012 6:17:17 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/26/2012 9:03:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV SymIRON SymNetS
2/26/2012 5:04:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/26/2012 3:31:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
2/26/2012 12:11:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/26/2012 12:11:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
2/26/2012 12:10:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
2/25/2012 8:58:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/25/2012 8:39:09 PM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 169.254.228.96. The data is the error code.
2/25/2012 8:39:09 PM, Error: IPRIP [29052] - IPRIP could not request multicasting on the local interface with IP address 169.254.228.96. The data is the error code.
2/25/2012 8:22:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/25/2012 8:19:35 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
2/23/2012 12:09:21 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/23/2012 11:25:08 AM, Error: IPRIP [29053] - IPRIP could not join the multicast group 224.0.0.9 on the local interface with IP address 192.168.1.113. The data is the error code.
2/22/2012 3:18:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON SymNetS
2/21/2012 11:40:43 AM, Error: Microsoft Antimalware [3002] -
2/21/2012 10:21:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV KLIM6 SymIRON
2/21/2012 1:37:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 BPntDrv ccSet_NAV DfsC discache eeCtrl IDSVia64 KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf .
==== End Of File ===========================

From RichJacoby, additional info: I have a set of PNGs from various screen captures of different warnings etc., such as NPFS32.dll is infected; Norton:trojan.adh.2 has been removed...

On my first run of Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.19.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Richard :: FRED [administrator]
Protection: Enabled
2/18/2012 8:39:02 PM
mbam-log-2012-02-18 (20-39-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284132
Time elapsed: 9 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Program Files (x86)\DictionaryBoss\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 7
C:\Users\Richard\Downloads\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Richard\Downloads\jenkatarcade.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Richard\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\installKeys.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\chrome\v4ffxtbr.jar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
(end)