Jump to content

Search the Community

Showing results for tags 'HELP'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Help! My machine running Windows 7 Home Premium 64-bit (if that helps) has caught some nasty bug called Backdoor.bot! I have tried to delete it on multiple occasions using Malwarebytes Anti-Malware, and it says threat removed, and sometimes when I scan it comes up clean, but when I insert thumb drives or SD cards the computer puts in 3 files immediately, and all the files become .exe files and 468kb large. When I scan them, it shows Backdoor.bot as a threat. When I try to remove them with Malwarebytes, the files dissapear, then a few seconds later appear again. What do I do? Please help! All help is greatly appreciated. Below is the log of MBAM: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.07.31.02 Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421User :: USER-PC [administrator] 31/7/2013 6:09:57 PMMBAM-log-2013-07-31 (18-51-13).txt Scan type: Full scan (C:\|D:\|Q:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 345255Time elapsed: 40 minute(s), 40 second(s) Memory Processes Detected: 3C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> 3360 -> No action taken.C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> 3448 -> No action taken.C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> 4012 -> No action taken. Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 2HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. Registry Values Detected: 6HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WindowMessenger (Backdoor.Bot) -> Data: C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Alerter (Backdoor.Bot) -> Data: C:\Program Files\Windows Alerter\WinAlert.exe -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Common Files Manager (Backdoor.Bot) -> Data: C:\Program Files\Windows Common Files\Commgr.exe -> No action taken. Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 3C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe (Backdoor.Bot) -> No action taken.C:\Program Files\Windows Alerter\WinAlert.exe (Backdoor.Bot) -> No action taken.C:\Program Files\Windows Common Files\Commgr.exe (Backdoor.Bot) -> No action taken. (end)
  2. Hello, While I was checking my email, I got a large pop-up on my screen. It said something about it was the government and i had to pay a fine or something. I got something like this earlier so I knew it was a virus. I shut off my laptop and now it logs me off anytime I try to start in any kind of safe-mode. However, when I log in normally, my screen goes completely white. Can anyone help me remove this? Thanks!
  3. Hello friends, I open this thread because I have the Malwarebytes Anti-Malware program trial version for "15 days" (I think). Well, on the main screen of scan, I get down an option called "Buy It Now", which sends me to the sales page of this Anti-Malware program, which is: http://www.malwarebytes.org / lp / Inproduct /. Now, hit the "upgrade now", I get the purchase screen shows me in my case in Mexican currency, which would be $ 335.03 MXN = 30 USD (approximately). Now ... I see the following methods of payment: VISA, MASTERCARD, AMEX, JCB, and finally transfer Paypal. Actually my doubt is, will implement the Bitcoin as a payment method ever? Since I usually buy this type of currency, since transfers are completely anonymous and easy to use. Would be very useful for me and for many users who want to buy with this type of currency. I hope your answers, greetings!
  4. Hello, I would first off like to say Malware Bytes has helped me a lot, I have removed multiple viruses and I really like the software. However, MalwareBytes has detected a virus called PUP.Datamngr in my registry. The thing is, when I remove it from quarantine (delete it), it will show up again next time I scan. I have no clue how I got it or how long it's been on my computer, it doesn't seem to be causing a lot of damage that I know of as of now. But it just keeps showing up and maybe if I can get it off my system will be faster. Please, I ask of you to help me remove this for good off my PC. I will include the log below. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.23.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635dawson :: DAWSON-PC [administrator] Protection: Enabled 23/07/2013 9:33:30 PMMBAM-log-2013-07-23 (21-50-00).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 227297Time elapsed: 8 minute(s), 30 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> No action taken. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  5. I'm infected with malware and I have no idea how to remove it. One day I tried going to gmtower.org, but I accidentally went to gmtower.com (typosquatter). The website installed a fake version of SUPERantispyware which placed "Gay Fetish Porn.url" on my desktop every time I started my computer. Malwarebytes hardly ever opens now, because the malware keeps blocking it. And when it does, malwarebytes doesn't detect anything because I believe the malware has made it void. My other antivirus doesn't start and is taking up 79% of my computer's CPU. I then installed and ran a fresh copy of Spybot S&D, which detected the malware, but refused to remove it. I really have no idea what the file is called, but I do know that it has a .vbs extension and that it is located in a .rar archive. If anyone has any removal tips, please don't hesitate to post them. As soon as I can find the malware in its folder, I will provide a sample.
  6. Hello, Today I decided to check my computer over as I usially do after so long. I opened the command prompt and tryed netstat -a found that I had a weird connection so I tryed netstat -a -b and found it was from svchost.exe I downloaded "CurrPorts" and ran the file as an administrator and found somthing quite interesting. I took the IP i was connected to and traced it. and found it was registered to the United Kingdoms MOD (Ministry of Defence) yet... heres the turn of events. It was showing me the ips location was located at a CHURCH... Ok so now I'm totally unaware of whats going on am I being tapped by the UK's MOD? Well I went to there website there REAL website and apon loading it. My screen turned totally black. I tryed several things like Start keys, Ctrl+Alt+Delte.. Nothing I had to restart my pc now to be sure I tryed this two more times and its confirmed this site is what causes the screen to go black. Right now i'm running a full scan with malewarebytes PRO and I have installed comodo firewall and am using it to monitor any suspicious connections but so far absolutely none Please help me if you can becuase I do not know what to do.
  7. Seems Yontoo has been downloaded onto my comuter. After looking into it a bit online I found out that it is malware(and has been causing that annoying drop down deals that has appeared a few days ago). Anyone know a program that can kill it off?
  8. I could use some help, for the past couple of days I've seen Malware blocking svchost.exe with a numerous amount of IP's, I didn't bothered saving/typing them somewhere. Then I decided to google the issue to find out that isn't alright, unfortunately I do not know what to do, so I could use a hand. Though I have to mention the fact that a few days ago I fought againt System Care Antivirus thingy, removed it hopefully since I can use the computer normally ( with the use of Combofix, Rkill, Malware Anti-Malware).
  9. The computer runs slow, has spybot telling me there are MBR physical drives 0,1,2,3,4 but I only have drive "C". Sophos won't even open. Said Adobe was hacked, etc. Could use some help. Win 7. Dell. Oh by the way the Intel Extreme Graphics Driver showed up as somthing like 37giggabytes. attach.txt dds.txt
  10. Hi D-Fred Brown. This thread is for my infected XP desktop. Thank you for helping. I intend to make a big fat donation just as soon as I get my wife's credit card.
  11. Unable to download on Windows Vista computer. Gets most of the way through download and then comes back with (filename) .exe contained a virus and was deleted. Virus programs and firewalls are not working properly. Submitted files to HiJack This Support four days ago - no response. Have submitted files to McAffee (response at end) using Susp file tool downloaded to unaffected system and transferred on disk. Susp file program ran in safe mode detected 85 files submitted to McAfee as logs it would not submit as samples but only detected around 4 suspicious files in regular mode. First instance of Stinger ran and or the analysis of Suspicious files found the following but did not necessarily Quarantine Trojan/PSW.VKont.bb2; (vrobot) Trojan Win32.Agent.44168; (TrendMicro Home-Call) TROJ_GEN.F47V0816; Artemis!F5CD45497111. Instances of Stinger ran afterward detected nothing. Believe Stinger and other previously clean files now are infected. Link for HiJack this http://sourceforge.net/p/hjt/support-requests/30/ support request that contains the log files etc. . . . Have ran the following programs from a clean computer burned disk but had trouble initializing most at first and took several attempts to run them. Trend Micro Anti Threat Toolkit HiJack This Get Susp Rootkit Buster Stinger32 Rootkit Remover SuperDAT 7107xdat removeklez removebugbear Unable to run or virus would not allow Mydoomscanner Nightdragon McAfee TechCheck Security Scan McAfee Setup Have several directories detected in DOS that I do not recognize from around the time of infection can provide names if necessary. Response from McAfee: Thank you for using the GetSusp tool and submitting your suspicious file(s). You will find detailed below, the status of each file in the submission after an initial analysis. SR Number Creation Date WorkItem ID Machine Name ========= ============== =========== =========== None specified 6/24/2013 8:45:53 AM 958748 SHEILA-PC File Name Findings Detection Type --------- -------- --------- ---- appcore.ex_ clean analysed_clean appcore.resources.dl_ not_detected assumed_clean classicstarter.dl_ clean analysed_clean assistcustomer.dl_ clean analysed_clean audaemon.bi_ not_detected ccme_base.dl_ clean known_clean hphc_service.ex_ clean analysed_clean libcurl.dl_ not_detected Unknown cryptocme2.dl_ clean known_clean finderhelper.dl_ not_detected assumed_clean kbdstub.ex_ clean known_clean hpsysdrv.ex_ clean analysed_clean iau_sdk.ex_ clean known_clean helperstarter.dl_ clean analysed_clean sqlite3.dl_ clean known_clean remengine.ex_ clean analysed_clean runprofiler.ex_ clean analysed_clean regutils.dl_ clean analysed_clean ssleay32.dl_ not_detected Unknown osd.ex_ clean known_clean libeay32.dl_ not_detected Unknown libexpatw.dl_ clean known_clean In the event that the files are not listed as known threats, the submission will be forwarded to a McAfee Labs Researcher for further analysis. You will be contacted by McAfee Labs through email with the results of that analysis. Support - Thank you for using the GetSusp tool and submitting your suspicious file(s). You will find detailed below, the status of each file in the submission after an initial analysis. SR Number Creation Date WorkItem ID Machine Name ========= ============== =========== =========== None specified 6/24/2013 1:03:41 PM 959871 SHEILA-PC File Name Findings Detection Type --------- -------- --------- ---- audaemon.bi_ not_detected Unknown In the event that the files are not listed as known threats, the submission will be forwarded to a McAfee Labs Researcher for further analysis. You will be contacted by McAfee Labs through email with the results of that analysis. Similar response as follows to all other submissions to the same Thank you for using the GetSusp tool and submitting your suspicious file(s). Upon analysis (details listed below), we found that the submitted zip file contained only the logs generated during the GetSusp scan. The data in the logs will be used for prevalence purposes. Filename Failure Reason Machine Name ======== ============== ======== gsusp_9FE7B4CB0BD9_061913_172326.zip The submitted zip file has no viable samples for analysis SHEILA-PC There will be no further communication with respect to this submission. RootKitBusterDebug20130619_00.loghijackthis.loghijackthis.loghijackthis1.txthijackthis2.txthijackthis4.txt Stinger_22062013_021416.html STUFF PRINTED FROM ABOVE LINK IF UNABLE TO VIEW Milestone: v1.0_(example) Status: openOwner: nobodyLabels: Trojan/PsW VKont Trojan.Win32.Agent & a.Black TROJ_GEN. (1) Priority: 5 Updated: 4 days ago Created: 4 days ago Creator:SheilaPrivate: No
  12. Hello, I have the FBI Moneypack virus on my computer. I am running 64bit Windows on a Dell Studio 1458. I have attached the frst logs to this post. Please help me with what to do next. Your help is greatly appreciated. Thank you! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 02 Ran by SYSTEM on 22-06-2013 23:05:22 Running from F:\ Windows 7 Ultimate (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8095776 2009-08-31] (Realtek Semiconductor) HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] () HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\RunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer [194912 2013-02-07] (DivX, LLC) HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-12] () HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-04-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) HKU\Rita Nicole\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1272912 2013-05-10] (Adobe Systems Incorporated) HKU\Rita Nicole\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\Rita Nicole\...\Run: [Akamai NetSession Interface] "C:\Users\Rita Nicole\AppData\Local\Akamai\netsession_win.exe" [x] HKU\Rita Nicole\...\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe [951952 2012-10-23] (www.hidemyip.com) HKU\Rita Nicole\...\Run: [Google Update] "C:\Users\Rita Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-02-18] (Google Inc.) HKU\Rita Nicole\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKU\Rita Nicole\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.) HKU\Rita Nicole\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File) ==================== Services (Whitelisted) ================= S2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-21] (Akamai Technologies, Inc.) S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) S3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe [3572880 2012-10-23] (Hide My IP) S2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2011-07-13] () S2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [411136 2011-10-19] () S2 Tether; C:\Program Files (x86)\Tether\TBService.exe [49080 2010-05-14] () S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-02] (Dell Inc.) S2 0032611335484094mcinstcleanup; C:\Users\RITANI~1\AppData\Local\Temp\003261~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x] S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [x] ==================== Drivers (Whitelisted) ==================== S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2011-04-15] () S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-15] (Marvell Semiconductor, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation) S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log 2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk 2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files\iTunes 2013-06-08 10:37 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-08 10:37 - 2013-06-22 01:59 - 00000000 ____D C:\Program Files\iPod 2013-06-08 10:33 - 2013-06-22 02:05 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-05 20:01 - 2013-06-05 20:10 - 00011161 ____A C:\Windows\IE10_main.log 2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-06-05 08:54 - 2013-06-16 19:46 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE 2013-05-25 04:05 - 2013-05-25 04:27 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DE ==================== One Month Modified Files and Folders ======= 2013-06-22 23:05 - 2013-06-22 23:05 - 00000000 ____D C:\FRST 2013-06-22 16:00 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-22 16:00 - 2009-07-13 23:51 - 00103476 ____A C:\Windows\setupact.log 2013-06-22 02:06 - 2010-08-26 12:08 - 00000000 ____D C:\users\Rita Nicole 2013-06-22 02:06 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-06-22 02:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iTunes 2013-06-22 02:05 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-22 02:05 - 2013-06-08 10:33 - 00000000 ____D C:\Program Files (x86)\QuickTime 2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Microsoft Help 2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Microsoft Help 2013-06-22 02:05 - 2010-08-29 22:37 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Microsoft Help 2013-06-22 02:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration 2013-06-22 02:03 - 2011-04-14 12:19 - 00000000 ____D C:\Windows\System32\Macromed 2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Skype 2013-06-22 02:02 - 2010-08-26 16:56 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Skype 2013-06-22 02:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat 2013-06-22 01:59 - 2013-06-08 10:37 - 00000000 ____D C:\Program Files\iPod 2013-06-22 01:59 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-06-21 19:56 - 2012-07-19 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019324 ____A C:\ProgramData\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019278 ____A C:\Users\Rita Nicole\AppData\Roaming\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\Application Data\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\Local Settings\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 02019263 ____A C:\Users\Rita Nicole\AppData\Local\2433f433 2013-06-19 23:33 - 2013-06-19 23:33 - 00014624 ____A C:\Users\Rita Nicole\Desktop\hs_err_pid6656.log 2013-06-16 20:00 - 2009-07-14 00:10 - 01125280 ____A C:\Windows\WindowsUpdate.log 2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Outlook Files 2013-06-16 19:48 - 2009-04-20 02:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Outlook Files 2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-06-16 19:46 - 2013-06-05 08:54 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\8D60C146-23F5-4458-89C5-7C1EC844C946.aplzod 2013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-16 19:39 - 2009-07-13 23:45 - 00019376 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-16 19:38 - 2012-12-11 18:38 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-16 19:38 - 2012-04-02 14:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-16 19:38 - 2011-06-06 11:21 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-16 19:36 - 2011-08-27 14:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-16 19:35 - 2013-04-19 11:03 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000UA.job 2013-06-16 19:32 - 2011-08-27 14:04 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-16 08:52 - 2013-04-19 11:03 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-121882709-412351183-818571276-1000Core.job 2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-08 10:38 - 2013-06-08 10:38 - 00001785 ____A C:\ProgramData\Desktop\iTunes.lnk 2013-06-05 20:10 - 2013-06-05 20:01 - 00011161 ____A C:\Windows\IE10_main.log 2013-06-05 20:04 - 2013-06-05 20:04 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-05 20:04 - 2013-06-05 20:04 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-05 20:04 - 2013-06-05 20:04 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-05 20:04 - 2013-06-05 20:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-05 20:04 - 2013-06-05 20:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-05 20:04 - 2013-06-05 20:04 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-05 20:04 - 2013-06-05 20:04 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-05 20:04 - 2013-06-05 20:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-05 20:04 - 2013-06-05 20:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-05 20:04 - 2013-06-05 20:04 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-05 20:04 - 2013-06-05 20:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-05 20:04 - 2013-06-05 20:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-05 20:03 - 2013-06-05 20:03 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-05 20:03 - 2013-06-05 20:03 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\Application Data\Apple Computer 2013-06-05 09:00 - 2010-11-15 19:34 - 00000000 ____D C:\Users\Rita Nicole\AppData\Roaming\Apple Computer 2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Application Data\Apple Computer 2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\Local Settings\Apple Computer 2013-06-05 08:48 - 2010-08-30 00:03 - 00000000 ____D C:\Users\Rita Nicole\AppData\Local\Apple Computer 2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Recipes 2013-05-28 02:53 - 2010-07-13 10:56 - 00000000 ____D C:\Users\Rita Nicole\Documents\Recipes 2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\My Documents\Vodafone DE 2013-05-25 04:27 - 2013-05-25 04:05 - 00000000 ____D C:\Users\Rita Nicole\Documents\Vodafone DE ZeroAccess: C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5 C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\@ C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\U C:\$Recycle.Bin\S-1-5-21-121882709-412351183-818571276-1000\$b3e08003e8107cf7184dc005ab9859c5\L\00000004.@ Files to move or delete: ==================== C:\Users\Rita Nicole\GoToAssistDownloadHelper.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-28 02:34:21 Restore point made on: 2013-06-05 00:18:06 Restore point made on: 2013-06-05 20:00:36 Restore point made on: 2013-06-16 08:53:44 Restore point made on: 2013-06-16 20:00:50 Restore point made on: 2013-06-19 22:30:49 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 6004.52 MB Available physical RAM: 5273.75 MB Total Pagefile: 6002.67 MB Available Pagefile: 5266.51 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:231.55 GB) NTFS (Disk=0 Partition=3) Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.76 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive f: () (Removable) (Total:0.94 GB) (Free:0.83 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C5D66832) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 964 MB) (Disk ID: 69737369) Partition 1: (Not Active) - (Size=80 GB) - (Type=69) Partition 2: (Not Active) - (Size=892 GB) - (Type=73) Partition 3: (Not Active) - (Size=0) - (Type=74) Partition 4: (Not Active) - (Size=-440245157888) - (Type=00) LastRegBack: 2013-06-16 09:12 ==================== End Of Log ============================ Farbar Recovery Scan Tool (x64) Version: 22-06-2013 02 Ran by SYSTEM at 2013-06-22 23:08:48 Running from F:\ Boot Mode: Recovery ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\ERDNT\cache64\services.exe [2012-04-26 18:43] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== FRST.txt Search.txt
  13. This sounds like quite a bargain, but not so sure about how to sign up for moneypad. Can anyone help? I get this on my XP pc and my W7 laptop. Actually, instead can you tell me where I can download the FRST or Farbar. I decide to fight and not fall victim to their extortion techniques.
  14. Knights of M.Bytes, I humbly request your consideration as I secure the machines that have until recently been under the exiguous care of my predecessor; Every device was running bare bones internet explorer(although I have heard many proclaim the redemption of MS's competence in the browser realm) and an inconsistent smattering of redundant antivirus', with no two machines running the same brand. As I assuage the chaos and foment a new zen in my jurisdiction I will post my inital malwarebytes .txt dymp here. I found this forum via google queries in the past month pertaining to specific species of malware. The user "Gringo" has proven to be a suitable search term since I have benefitted from his expertise several times with issues on my non-work projects. ____________________________________________________ It would appear that this first computer http://i.imgur.com/kpCcmud.jpg was host to at least two malicious objects (which is an improvement from 30+ last time around) and as soon as malwarebytes:anti-malware(fullscan) detected these two elements I recieved a pop up notification from my antivirus (Comodo Antivirus) indicating that it too had coincidentally noticed two malicious objects. I didn't really hesitate to select the "take care of it" button on the Comodo alert. Out of habit I was concurrently running an instance of Malwarebytes:Anti-Rootkit. It completed its scan shortly after I instructed Comodo to purge the offending objects and announced that there was no malware detected. at any rate here is the Malwarebytes log _____________________________________________________ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.20.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Apex :: APEX-I3-02 [administrator] 6/20/2013 2:41:00 PM MBAM-log-2013-06-20 (15-29-34).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 347355 Time elapsed: 48 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDFPerformer (PUP.BundleInstaller.IB) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\Uninstall Information\Ib\34\3701\ib_uninstall.exe (PUP.BundleInstaller.IB) -> No action taken. (end) __________________________________________________________________________________ Following this scan I opted to strike the "Remove Selected" button (MalwareBytes:Anit-Malware), and I shall agree to restart my computer remove the active threats as soon as I have succesfully posted this message. Although I appear to have removed everything that is what I thought the first time around, hence; this thread. Thank you for your time -R.E.M.
  15. Hi, I was redirected from this forum: http://forums.malwarebytes.org/index.php?showtopic=127629&hl=&fromsearch=1 I'm pretty positive my computer has a virus. Also, it might say I have two or more antivirus programs, and that may or may not be true. At one point I downloaded Norton for a free trial, and something caused it to never work (for example, I would click on it to open, and it never would, or it would open for a split second and close before I can try to scan anything. I've tried everything to remove it from my laptop, but it will not uninstall.), and then I was told to download Malwarebites, so there's the second one. Here are my logs: DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 Run by Vanessa at 1:46:17 on 2013-06-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.1174 [GMT -7:00] . AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe C:\windows\SysWOW64\PnkBstrA.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\WUDFHost.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\igfxext.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\windows\system32\wuauclt.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\AlwaysUseProtection\mbam.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://xfinity.comcast.net/?cid=cgps06112013 uDefault_Page_URL = hxxp://start.toshiba.com/g/ uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.0.36\IPS\IPSBHO.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\AlwaysUseProtection\mbamgui.exe /install /silent mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\3547574656E647 : DHCPNameServer = 172.21.1.1 TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\4455C455E65647 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\6484233473 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-08 00:38; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-06-08 12:28; xkit@studioxenix.com; C:\Users\Vanessa\AppData\Roaming\Mozilla\Firefox\Profiles\trhcjnpy.default\extensions\xkit@studioxenix.com.xpi . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NAVx64\1403010.016\symds64.sys [2013-6-4 493656] R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NAVx64\1403010.016\symefa64.sys [2013-6-4 1139800] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\windows\System32\drivers\NAVx64\1403010.016\ccsetx64.sys [2013-6-4 168096] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\drivers\NSTx64\7DD03030.013\ccsetx64.sys [2013-6-4 168096] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130604.001\IDSviA64.sys [2013-6-4 513184] R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NAVx64\1403010.016\ironx64.sys [2013-6-4 224416] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccsvchst.exe [2013-6-4 144520] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccsvchst.exe [2013-6-4 144520] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-18 9216] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-18 38096] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408] S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-3-20 21712] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NAVx64\1403000.024\symnets.sys [2013-6-4 432800] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-18 51512] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-8-25 1255736] . =============== Created Last 30 ================ . 2013-06-17 07:28:04 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-06-17 07:28:04 -------- d-----w- C:\Program Files (x86)\AlwaysUseProtection 2013-06-13 08:10:35 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll 2013-06-12 17:23:15 1054720 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe 2013-06-12 17:21:55 481280 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2013-06-12 17:21:50 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe 2013-06-12 01:42:59 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\ID Vault 2013-06-12 01:41:41 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite 2013-06-12 01:41:23 -------- d-----w- C:\ProgramData\White Sky, Inc 2013-06-11 23:32:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-11 22:44:38 -------- d-----w- C:\Users\Vanessa\AppData\Local\White_Sky,_Inc 2013-06-11 22:44:38 -------- d-----w- C:\ProgramData\IsolatedStorage 2013-06-11 22:44:34 -------- d-----w- C:\Users\Vanessa\AppData\Local\ID Vault 2013-06-05 05:07:20 168096 ----a-w- C:\windows\System32\drivers\NSTx64\7DD03030.013\ccsetx64.sys 2013-06-05 05:07:14 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DD03030.013 2013-06-05 04:44:42 432800 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symnets.sys 2013-06-05 04:44:42 23448 ----a-r- C:\windows\System32\drivers\NAVx64\1403010.016\symelam.sys 2013-06-05 04:44:42 1139800 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symefa64.sys 2013-06-05 04:44:41 796248 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\srtsp64.sys 2013-06-05 04:44:41 493656 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\symds64.sys 2013-06-05 04:44:41 36952 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\srtspx64.sys 2013-06-05 04:44:41 224416 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\ironx64.sys 2013-06-05 04:44:41 168096 ----a-w- C:\windows\System32\drivers\NAVx64\1403010.016\ccsetx64.sys 2013-06-05 03:18:14 -------- d-----w- C:\windows\System32\drivers\NAVx64\1403010.016 2013-06-04 21:40:12 168096 ----a-r- C:\windows\System32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys 2013-06-04 21:40:08 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DD03000.01A 2013-06-04 21:40:08 -------- d-----w- C:\windows\System32\drivers\NSTx64 2013-06-04 21:40:08 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe 2013-06-04 21:39:28 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS 2013-06-04 21:39:27 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2013-06-04 21:37:51 796248 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\srtsp64.sys 2013-06-04 21:37:51 493656 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymDS64.sys 2013-06-04 21:37:51 432800 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\symnets.sys 2013-06-04 21:37:51 36952 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\srtspx64.sys 2013-06-04 21:37:51 23448 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymELAM.sys 2013-06-04 21:37:51 224416 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\Ironx64.sys 2013-06-04 21:37:51 168096 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\ccSetx64.sys 2013-06-04 21:37:51 1139800 ----a-r- C:\windows\System32\drivers\NAVx64\1403000.024\SymEFA64.sys 2013-06-04 21:36:48 -------- d-----w- C:\windows\System32\drivers\NAVx64\1403000.024 2013-06-04 21:36:48 -------- d-----w- C:\windows\System32\drivers\NAVx64 2013-06-04 21:36:44 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus 2013-06-04 21:34:10 -------- d-----w- C:\Program Files (x86)\NortonInstaller 2013-06-04 17:24:35 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06698115-670B-4135-A0B6-1B46C1A99B57}\mpengine.dll 2013-06-04 04:51:36 -------- d-----w- C:\Users\Vanessa\AppData\Local\{2ECA0655-9D84-451E-B7F6-9EBD8B952DB2} 2013-05-31 07:09:26 -------- d-----w- C:\Users\Vanessa\AppData\Roaming\Malwarebytes 2013-05-31 07:09:05 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-22 00:43:17 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe 2013-05-22 00:43:17 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll 2013-05-21 02:15:01 -------- d-----w- C:\Users\Vanessa\AppData\Local\{6DFFB322-3CBD-42ED-9A0F-F9D18F3C7D06} . ==================== Find3M ==================== . 2013-06-17 06:45:36 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-06-17 06:45:35 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 17:23:14 185344 ----a-w- C:\windows\SysWow64\elshyph.dll 2013-06-12 17:23:13 226304 ----a-w- C:\windows\System32\elshyph.dll 2013-06-12 17:23:12 158720 ----a-w- C:\windows\SysWow64\msls31.dll 2013-06-12 17:23:10 719360 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll 2013-06-12 17:23:10 150528 ----a-w- C:\windows\SysWow64\iexpress.exe 2013-06-12 17:23:10 138752 ----a-w- C:\windows\SysWow64\wextract.exe 2013-06-12 17:23:09 523264 ----a-w- C:\windows\SysWow64\vbscript.dll 2013-06-12 17:23:00 38400 ----a-w- C:\windows\SysWow64\imgutil.dll 2013-06-12 17:23:00 137216 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2013-06-12 17:23:00 12800 ----a-w- C:\windows\SysWow64\mshta.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-03-31 22:52:16 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-03-20 19:32:09 21712 ----a-w- C:\windows\SysWow64\drivers\DrvAgent64.SYS 2013-03-20 04:35:08 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-03-20 04:35:08 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll . ============= FINISH: 2:01:52.05 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/16/2011 9:26:04 PM System Uptime: 6/17/2013 12:09:31 AM (2 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 195.427 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: BHDrvx64 Device ID: ROOT\LEGACY_BHDRVX64\0000 Manufacturer: Name: BHDrvx64 PNP Device ID: ROOT\LEGACY_BHDRVX64\0000 Service: BHDrvx64 . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Virtual WiFi Miniport Adapter Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E456F50&1&02 Manufacturer: Microsoft Name: Microsoft Virtual WiFi Miniport Adapter #2 PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&E456F50&1&02 Service: vwifimp . Class GUID: Description: Ethernet Controller Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_FF1E1179&REV_C1\4&2FDD9018&0&00E0 Manufacturer: Name: Ethernet Controller PNP Device ID: PCI\VEN_1969&DEV_2060&SUBSYS_FF1E1179&REV_C1\4&2FDD9018&0&00E0 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: AntiLog32 Device ID: ROOT\LEGACY_ANTILOG32\0000 Manufacturer: Name: AntiLog32 PNP Device ID: ROOT\LEGACY_ANTILOG32\0000 Service: AntiLog32 . ==== System Restore Points =================== . RP306: 6/8/2013 12:39:45 AM - Installed Simple Adblock RP307: 6/9/2013 7:00:30 PM - Windows Backup RP309: 6/11/2013 4:09:38 PM - Windows Backup RP308: 6/11/2013 6:26:09 PM - Restore Operation RP310: 6/11/2013 9:35:06 PM - Windows Update RP312: 6/12/2013 9:57:28 AM - Windows Update RP313: 6/13/2013 1:09:25 AM - Windows Update RP314: 6/14/2013 6:08:26 PM - Removed Mumble 1.2.3 RP315: 6/16/2013 2:18:29 AM - Windows Update RP316: 6/16/2013 3:00:13 AM - Windows Update RP317: 6/16/2013 10:07:10 PM - Windows Backup . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Best Buy pc app Conexant HD Audio D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Intel® Graphics Media Accelerator Driver Label@Once 1.0 League of Legends Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Norton AntiVirus Norton Identity Safe PlayReady PC Runtime x86 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Skype™ 6.5 swMSM Synaptics Pointing Device Driver System Requirements Lab CYRI System Requirements Lab for Intel TOSHIBA Application Installer TOSHIBA Assist TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 6/17/2013 12:10:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 6/16/2013 2:13:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 6/16/2013 2:11:18 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 2:11:18 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:08:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 6/16/2013 10:08:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 6/16/2013 10:07:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/16/2013 10:06:46 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The pipe has been ended. 6/15/2013 6:05:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80052fb610, 0x0000000000000000, 0x000007fffffa8000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061513-23618-01. 6/15/2013 3:16:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/14/2013 2:02:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f87bba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061413-86362-01. 6/13/2013 7:00:25 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MICHELLE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF0FD1F9-DD25-49DF-883A-289A7CB0978A}. The master browser is stopping or an election is being forced. 6/13/2013 10:57:57 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation. 6/12/2013 7:16:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service. 6/12/2013 2:22:30 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 6/11/2013 9:56:05 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed 6/11/2013 9:22:26 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). 6/11/2013 6:43:25 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/11/2013 4:37:43 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s). 6/11/2013 3:06:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 2:46:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 6/11/2013 2:30:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 6/11/2013 2:29:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/11/2013 2:29:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/11/2013 2:29:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/11/2013 2:28:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/11/2013 2:28:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/11/2013 2:28:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NAV ccSet_NST discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6 6/11/2013 2:28:15 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800021b9bba, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061113-25240-01. 6/11/2013 2:21:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8004cf33ef, 0x0000000000000000, 0x000000007efa003c). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061113-22276-01. . ==== End Of File ===========================
  16. Hi There, I desperately need help. My computer gets many popups (including something called "chitka") but no malware or virus is detected on my computer. The computer is occasionally redirected to other websites as well. I have Webroot and they ran some diagnostics and are stating the computer is clean. The popup blocker is also on. Can anyone please help? Thank you.
  17. My Computer is infected with Magnipic. Computer is windows xp home. Scanned with adwcleaner but lost file and used revouninstaller to delete magnipic. I can only start computer at safe mode. I can download stuff. Magnipic doesen't show up in windows task manager.
  18. Hi! I've had several of my friends try to help me fix my little problem. I was on Deviantart when a (I'm guessing) fake java update popped up. On the phone and only half paying attention, I clicked something like "remind me later" or whatever (I wasn't really paying attention), and about an hour later I start hearing these Ads, but there's nothing there for me to exit out of them. They do not redirect me to anything. It's been about two weeks, and I've literally tried everything I could! Please help, I can't play any computer games because it lags, or the Ads overpower the sound!
  19. My computer has been slower than usual lately when it comes to my internet connection. Frequent latency spikes and when i ran speed tests, upload were around 1-4mbs when my usual is 10mbs. Ventrilo would constantly freeze due to lag and I'd have todisconnect and reconnect constantly. Also experienced lag spikes while gaming. I had planned to run a scan in safe mode but realized i couldnt get into safe mode through normal means....though i might have just been hitting f8 at the wrong time because i can get in safe mode easily now....but i ended up following a guide to find whatever might have been stop me from getting in safe mode. I can't remember most of them but it included Malwarebytes, HitmanPro, and combofix. Malwarebyte found nothing but others detected things and removed things. I dont have the original log from ComboFix either because the guide told me to uninstall it after. After realizing i could access safe mode i ran a few different scans in safe mode. Main one i'm concerned about now was one i did with ViperRescue. ViperRescue came up with 3 trojans in 3 game files. "trojan.win32.generic bt" was the trojan in each file. ViperRescue said it cured it...i think by quarantining the file..but i looked the trojan up anyway. The first few sites on google about the trojan say it alters things in my computer though they all had different methods of removing it through regedit and other things. I later found a thread on here about someone with the same trojan and the person on there suggested ComboFix and posting the logs so i did that, in safe mode(not sure if that matters) and now here i am writing this post. Not sure if this matters but i did the dds after already running th combofix. Also, i noticed in all of these Window Defender is there...but i never installed it and it isn't in my control panel like it is on my Windows 8 laptop. Any help would be greatly appreciated DDS BELOW DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 Run by Stefan at 21:42:09 on 2013-05-28 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4506 [GMT -4:00] . AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\SysWOW64\XSrvSetup.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\msiexec.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab TCP: Interfaces\{01A80F9A-3591-479F-926E-078D948B6B9A} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC} : NameServer = 192.168.1.1 TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}\B4962796E6F6 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033 x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-05-22 21:55; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - ExtSQL: !HIDDEN! 2011-03-10 16:46; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-2-5 21544] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 55056] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448] R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-2-20 57976] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-5-27 109352] R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-2-5 72304] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29528] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-1-14 356376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2011-6-20 12824] S3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2011-6-20 15768] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2013-2-25 2426672] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-19 19456] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-5 346144] S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-19 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736] . =============== Created Last 30 ================ . 2013-05-29 01:06:25 -------- d-sh--w- C:\$RECYCLE.BIN 2013-05-29 00:51:50 98816 ----a-w- C:\Windows\sed.exe 2013-05-29 00:51:50 256000 ----a-w- C:\Windows\PEV.exe 2013-05-29 00:51:50 208896 ----a-w- C:\Windows\MBR.exe 2013-05-28 05:41:48 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Auslogics 2013-05-28 05:41:43 -------- d-----w- C:\Program Files (x86)\Auslogics 2013-05-28 05:32:49 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat 2013-05-28 05:32:49 -------- d-----w- C:\ProgramData\iolo 2013-05-28 04:54:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2013-05-28 04:04:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-28 04:04:49 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-28 03:46:03 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2013-05-28 03:26:07 -------- d-----w- C:\Program Files\HitmanPro 2013-05-28 03:25:14 -------- d-----w- C:\ProgramData\HitmanPro 2013-05-28 00:34:19 -------- d-----w- C:\Program Files\Ventrilo 2013-05-27 16:45:10 -------- d-----w- C:\Users\Stefan\AppData\Roaming\ParetoLogic 2013-05-27 16:45:10 -------- d-----w- C:\Users\Stefan\AppData\Roaming\DriverCure 2013-05-27 16:45:03 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic 2013-05-27 16:45:01 -------- d-----w- C:\ProgramData\ParetoLogic 2013-05-27 16:45:01 -------- d-----w- C:\Program Files (x86)\ParetoLogic 2013-05-27 16:36:00 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-27 12:28:35 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FCAF943-633A-4AE5-91F3-205612751269}\mpengine.dll 2013-05-23 01:37:57 64856 ----a-w- C:\Windows\System32\klfphc.dll 2013-05-23 01:36:35 -------- d-----w- C:\Windows\ELAMBKUP 2013-05-23 01:36:33 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-05-23 01:36:33 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-05-23 01:36:26 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-05-22 18:05:11 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2013-05-21 12:14:37 49152 ----a-r- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe 2013-05-21 12:11:18 49152 ----a-r- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe 2013-05-21 12:10:50 -------- d-----w- C:\illusion 2013-05-16 23:24:18 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-11 23:38:14 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-05-11 23:38:09 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-03 23:52:54 -------- d-----w- C:\gravity . ==================== Find3M ==================== . 2013-05-23 01:55:46 55056 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2013-05-23 01:55:46 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys 2013-05-21 21:27:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-21 21:27:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-11 23:37:56 971680 ----a-w- C:\Windows\System32\deployJava1.dll 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe . ============= FINISH: 21:42:56.78 =============== ATTACH BELOW attach.txt LOG FROM THE SECOND COMBOFIX I RAN ComboFix 13-05-28.02 - Stefan 05/28/2013 20:53:17.2.8 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6142.4803 [GMT -4:00] Running from: c:\users\Stefan\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\wininit.ini F:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 ))))))))))))))))))))))))))))))) . . 2013-05-28 05:41 . 2013-05-28 05:43 -------- d-----w- c:\users\Stefan\AppData\Roaming\Auslogics 2013-05-28 05:41 . 2013-05-28 05:41 -------- d-----w- c:\program files (x86)\Auslogics 2013-05-28 05:32 . 2013-05-28 05:39 -------- d-----w- c:\programdata\iolo 2013-05-28 05:32 . 2013-05-28 05:32 74703 ----a-w- c:\windows\SysWow64\mfc45.dat 2013-05-28 04:54 . 2013-05-28 04:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2013-05-28 04:04 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-28 04:04 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-28 04:04 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files\Microsoft Silverlight 2013-05-28 04:02 . 2013-05-28 04:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-05-28 03:46 . 2013-05-28 03:46 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-05-28 03:26 . 2013-05-28 03:26 -------- d-----w- c:\program files\HitmanPro 2013-05-28 03:25 . 2013-05-28 03:35 -------- d-----w- c:\programdata\HitmanPro 2013-05-28 00:34 . 2013-05-28 00:34 -------- d-----w- c:\program files\Ventrilo 2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\ParetoLogic 2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\DriverCure 2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic 2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\programdata\ParetoLogic 2013-05-27 16:45 . 2013-05-27 16:45 -------- d-----w- c:\program files (x86)\ParetoLogic 2013-05-27 16:36 . 2013-05-27 16:36 -------- d-----w- C:\TDSSKiller_Quarantine 2013-05-27 12:28 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FCAF943-633A-4AE5-91F3-205612751269}\mpengine.dll 2013-05-23 01:37 . 2013-01-14 18:55 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\windows\ELAMBKUP 2013-05-23 01:36 . 2013-05-29 00:48 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-23 01:36 . 2013-05-23 01:36 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-23 01:36 . 2013-05-23 01:55 620128 ----a-w- c:\windows\system32\drivers\klif.sys 2013-05-23 01:36 . 2013-05-23 01:55 90208 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-05-22 18:05 . 2013-05-22 18:05 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-05-21 12:14 . 2013-05-21 12:14 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe 2013-05-21 12:11 . 2013-05-21 12:11 49152 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe 2013-05-21 12:10 . 2013-05-21 12:11 -------- d-----w- C:\illusion 2013-05-11 23:38 . 2013-05-11 23:37 311200 ----a-w- c:\windows\system32\javaws.exe 2013-05-11 23:38 . 2013-05-11 23:37 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-05-11 23:38 . 2013-05-11 23:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-05-11 23:38 . 2013-05-11 23:37 188832 ----a-w- c:\windows\system32\javaw.exe 2013-05-11 23:38 . 2013-05-11 23:37 188320 ----a-w- c:\windows\system32\java.exe 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-05-03 23:52 . 2013-05-03 23:52 -------- d-----w- C:\gravity . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-23 01:55 . 2013-01-14 18:55 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-05-23 01:55 . 2012-08-13 20:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-05-21 21:27 . 2012-03-30 16:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-21 21:27 . 2011-05-19 17:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-11 23:37 . 2011-09-17 02:37 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-09 10:17 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-03 20:15 . 2010-05-24 21:32 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-02 06:06 . 2010-05-24 21:23 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-28 04:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-28 04:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-28 04:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-28 04:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-28 04:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-28 04:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-04 18:50 . 2011-11-09 11:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-14 356376] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 21544] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] R1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-23 55056] R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-23 178448] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-05-25 57976] R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664] R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-05-28 109352] R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304] R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-07 31272] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-06-20 12824] R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-06-20 15768] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-14 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-14 29528] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2013-02-25 2426672] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736] R3 X6va005;X6va005;c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000Core.job - c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3652652649-1025549001-1711070373-1000UA.job - c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 20:32] . 2013-05-27 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2013-05-28 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47] . 2013-05-28 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-05-07 22:47] . 2013-05-27 c:\windows\Tasks\RegCure Pro.job - c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-05-07 22:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584] "Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{4944E631-A946-47F0-9BB6-97F1867BBA78}: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{F079B80C-782F-407C-91DC-B8FAD14490DC}: NameServer = 192.168.1.1 DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://tera.hangame.com/common/activex/HanSetup1040.cab FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\1kc28apw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q= FF - ExtSQL: 2013-05-22 21:55; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-05-22 21:55; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - ExtSQL: !HIDDEN! 2011-03-10 16:46; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Stefan\AppData\Local\Temp\0052CA5.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-3652652649-1025549001-1711070373-1000\Software\SecuROM\License information*] "datasecu"=hex:fa,f1,62,c8,ea,cc,2a,4b,5f,a0,8c,cf,a7,53,22,4f,4d,01,37,de,8c, 0f,58,ee,c9,57,03,1b,42,dd,ba,8c,0c,f5,e7,db,19,ab,cf,17,fd,d9,c3,b1,37,d4,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-28 21:01:18 ComboFix-quarantined-files.txt 2013-05-29 01:01 . Pre-Run: 291,398,799,360 bytes free Post-Run: 291,320,528,896 bytes free . - - End Of File - - 2CA50A5F345856AE02C4A790B2A9A1B3
  20. RUNDLL _WHNSKE.init problem. The specified module could not be found. This is happening when I connect flash drive to my system. A shortcut is getting created and when I double click it to open, above mentioned error occurs. Can you help?
  21. Hey, I'm pretty new to dealing with Viruses, and this is the first time I've posted on a forum about it. This morning, I got infected with this Privitize VPN crap, but I only noticed it after I found that the processes in the task manager were filled to the brim with something called Magnipic, and after some research, I've found it was because of this Privitize I accidentally downloaded. Now, I'm running a full scan with MWB as we speak, but after looking through some old threads on other sites, I've come to the conclusion that I'll have to do a bit more than just that if I'm to be free of this thing. Seeing as I'm new to this, I don't know how to post those computer logs or anything, so if anyone could tell me how to do that, it'd be much appreciated.
  22. Hi, Malwarebytes Pro user here for a few months. I have to say, it's been worth the investment. Especially after this started happening around midnight. So... Many Times? Well, 25 times since midnight CST to be exact. I tried both Firefox and Chrome and got the block on both programs. Only other program I've had open today was Steam. 2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65310, Process: chrome.exe) 2013/04/16 16:09:36 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 65311, Process: chrome.exe) 2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49741, Process: firefox.exe) 2013/04/16 16:32:09 -0500 IP-BLOCK 157.238.74.128 (Type: outgoing, Port: 49753, Process: firefox.exe) I've seen it block a few over the last few months... But never so many times from the same IP. Trace says it's supposedly from Engelwood Colorado? Is my computer at risk here? What do I need to do? Here's the step's I've taken so far. 1. Ran CCleaner 2. Ran Updated MSE Full Scan 3. Ran MalwareBytes Flash Scan, then Quick, then Full. Everything came back clean. I am not an IT professional. I know my way around the computer in a consumer way only; however, I can follow instructions well. Help me out here, please. Thanks in advance
  23. I have a copy of both Norton 360 and Malwarebytes Pro. Why is Norton telling me to remove Malwarebytes as it might show a conflict? How do I tell Norton to stop bugging me about this. This is Windows 7 64 bit -Rob
  24. Alrighty, so a few days ago when i booted my pc it crahed. I started trying to fix it and it worked (disabled some services) after that i saw my antivirusses and firewall, everything was off. Now when i wanted it to turn on it didnt work. I downloaded like 10 diff. Antivirusses including malwarebytes. They all had the same problem. After scanning with malwarebytes i finally found something, removed it and rebooted. Guesse what..... still cant turn on any antivirus! I really need help cuz i use this laptop for school. (Sorry for bad english im dutch) Ps. I have to sleep now.
  25. I saw a topic similar to my situation but did not know if it was the exact same. AOL is forcing me to make them my homepage and will not exit out unless I comply. Random advertisements pop up saying my computer is under serious threat, also. Please help I read the "I'm infected - What do I do now?" page and am attaching "DDS" and "Attach". dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.