Showing results for tags 'HELP'.


  1. Help, please! My other laptop was infected with this virus just now. I tried running the computer in safe mode and ran a quickscan, found 3 threats and removed them, but Smart Fortress was still there when I rebooted to Normal mode! Now I've got it back in safe mode with networking (does that make a difference?) and am running a full scan. But what do I need to do now? I don't know how to post logs and stuff so if you need them, please tell me how!
  2. Hello folks,

     Yesterday (Tue. 4/24/12) I was infected with the Smart Fortress 2012 virus. This is one of the standard fake anti-virus programs. It stopped me from running most programs, blocked my internet and even basic network access. Little did I know, but it also stopped my System Restore from working properly.

     I did some searching and found instructions on how to remove the virus by registering with its fixed registration code, which let me run programs again, then ran Malwarebytes which was supposed to remove Smart Fortress 2012. Well, it seemed to work, BUT, I still have no network connections, and of course can't access the internet. I cannot "Repair" my network connections, as when I try I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed." This happens with my Local Area Connection and Wireless connections.

     After a day of searching around, I've tried a few things and have exhausted my options, so I come to you for help. What I've tried:

       netsh int ip reset reset.log
       netsh int ipv6 reset reset.log
       netsh winsock reset catalog
       ipconfig /flushdns

     Also, when I run "ipconfig /all", I only get this message: "An internal error occurred: The request is not supported."

     So then after more research, I tried running a system restore going back to a restore point of a day before the infection (Mon. 4/23/12) and even last week. No success. It lets me choose a date to restore to/from, then goes through its process, reboots, etc. then tells me that no changes were made. It does NOT re-install the Smart Fortress 2012 virus, however, thankfully. It just seems like the virus has somehow disabled system restore from working properly.

     As it stands, I seem to have two issues. I think Smart Fortress 2012 is removed, but some of the changes it made seem to be left-over.
Issue #1: No network connectivity Issue #2: System restore not working properly (but not disabled) I've followed the instructions to download and run dss.com. I am including the DSS.txt and Attach.txt logs below, generated by running dss.com. I will truly appreciate any assistance you can offer. THANK YOU! Here's DDS.TXT: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by greerste at 23:19:11 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1951 [GMT -5:00] . AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files\ActivIdentity\ActivClient\acautoup.exe C:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe 
C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RA2HP\HPRAService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/ uWindow Title = Internet Explorer, optimized for Bing and MSN BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - 
c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll" TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [iDA] c:\program files\hewlett-packard\pc coe\IDA.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [GetIT] "c:\program files\hewlett-packard\getit\GetIT.exe" mRun: 
[safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [PasswordRegistration] c:\windows\system32\MsPwdRegistration.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [HPRAService] c:\program files\ra2hp\HPRAService.exe mRun: [eepc_SmartClient] c:\program files\smartclient\Smart.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [XPOff2003Excempt] c:\program files\hewlett-packard\ast\XPOff2003Excempt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - 
c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico uPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1) mPolicies-system: HideFastUserSwitching = 1 (0x1) mPolicies-system: DisableNT4Policy = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: compaq.com Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: eds.com Trusted Zone: hp.com Trusted Zone: hpqcorp.net DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab DPF: 
{3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.172.117.45/qcbin/capicom.dll DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} - hxxp://pve.corp.hp.com/APP/VIEWER/appl/sagraphicview.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://digitalbadge.external.hp.com/hp/capicom.cab DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab TCP: DhcpNameServer = 10.170.0.2 10.170.1.2 TCP: Interfaces\{6717FA1B-0E1C-4890-AF23-69A72DE7112C} : DhcpNameServer = 10.170.0.2 10.170.1.2 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Notify: ackpbsc - c:\windows\system32\ackpbsc.dll Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll Notify: igfxcui - igfxdev.dll 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office14\GROOVEEX.DLL LSA: Notification Packages = SbNp scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {922E8525-AC7E-4294-ACAA-43712D4423C0} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {9AC2D554-AC12-4F1F-AAB9-E6363ADE5381} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {AC194855-F7AC-4D04-B4C9-07BA46FCB697} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec /fu {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\greerste\application data\mozilla\firefox\profiles\5os093az.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\progra~1\office14\NPAUTHZ.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-14 344304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-3-25 103760] R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-3-25 6496] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-5-1 24064] R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112] R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-3-25 33328] R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-3-25 34480] R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2009-3-25 15248] R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-9-14 46120] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2009-9-14 198184] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224] R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\microsoft forefront identity manager\2010\password reset client service\PwdMgmtProxy.exe [2012-1-28 75608] R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-4-25 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528] R2 McAfeeEngineService;McAfee Engine 
Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-14 69192] R2 radsched;HPCA Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2010-4-21 190184] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640] R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-3-25 380988] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2009-9-14 9493] R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-9-14 10161] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-5-24 193840] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2009-9-14 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2009-9-14 38680] R3 HIPQK;McAfee Inc. 
HIPQK;c:\windows\system32\drivers\HIPQK.sys [2009-9-14 35552] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 41216] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-25 32072] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-25 40776] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 91832] R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616] S2 radexecd;HPCA Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2010-4-21 300776] S2 Radstgms;HPCA MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2010-4-21 333544] S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-12-11 27008] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 43288] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-14 66600] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2009-9-10 29072] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-14 14336] S3 WISOVD;WISOVD;\??\c:\program files\winiso computing\winiso\bin\driver\wisovd_xp.sys --> c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [?] . =============== Created Last 30 ================ . 2012-04-26 04:04:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-26 04:04:49 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-26 03:11:24 -------- d-----w- c:\program files\VS Revo Group 2012-04-26 02:00:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-04-26 00:26:14 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll 2012-04-25 19:01:44 -------- d-----w- C:\REGISTRY BACKUP 2012-04-24 21:12:34 -------- d-----w- c:\documents and settings\greerste\application data\Malwarebytes 2012-04-24 21:11:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-24 21:11:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-24 21:11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-24 20:56:39 389120 ----a-w- c:\windows\system32\explorer.exe 2012-04-24 18:47:58 -------- d-----w- c:\documents and settings\greerste\local settings\application data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26} 
2012-04-24 18:47:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-24 18:46:54 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B002F77DD0003FDA7D151FC4E 2012-04-23 14:42:33 8071760 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.382.0oemBingBarSetup-Partner.EXE 2012-04-20 14:33:44 -------- d-----w- c:\documents and settings\greerste\application data\HpUpdate 2012-04-20 14:33:35 -------- d-----w- c:\windows\Hewlett-Packard 2012-04-13 08:24:22 -------- d-----w- c:\program files\FastStone Image Viewer 2012-04-13 07:17:11 -------- d-----w- c:\documents and settings\greerste\local settings\application data\photoOptimizeHistoryDataBase 2012-04-13 07:17:10 -------- d-----w- c:\documents and settings\greerste\local settings\application data\Ashampoo Photo Optimizer 3 2012-04-13 07:14:06 -------- d-----w- c:\documents and settings\all users\Documents 2012-04-13 07:13:55 -------- d-----w- c:\program files\Ashampoo 2012-04-13 07:08:01 -------- d-----w- c:\documents and settings\greerste\application data\XnView 2012-04-13 07:04:44 -------- d-----w- c:\program files\XnView 2012-04-13 07:03:19 -------- d-----w- c:\program files\IrfanView 2012-04-01 05:20:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-04-01 05:20:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-04-01 05:19:46 -------- d-----w- c:\program files\iPod 2012-04-01 05:19:42 -------- d-----w- c:\program files\iTunes 2012-04-01 05:19:42 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-04-01 05:18:37 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 
2012-04-13 03:47:32 143008 ----a-w- c:\windows\system32\KevlarSigs.dll 2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-03-09 17:09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec 2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-29 02:01:10 29528 ----a-w- c:\windows\system32\MsPwdGina.dll 2012-01-29 02:01:10 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe 2012-01-29 02:01:09 1242464 ----a-w- c:\windows\system32\GateFramework.dll . ============= FINISH: 23:22:04.42 =============== Here's Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/24/2010 9:37:18 PM System Uptime: 4/25/2012 7:23:01 PM (4 hours ago) . Motherboard: Hewlett-Packard | | 30DD Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2793/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 30.908 GiB free. D: is Removable H: is FIXED (NTFS) - 932 GiB total, 792.708 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318} Description: Communications Port Device ID: ACPI\PNP0501\5&2239DA31&0 Manufacturer: (Standard port types) Name: Communications Port (COM1) PNP Device ID: ACPI\PNP0501\5&2239DA31&0 Service: Serial . 
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: CD-ROM Drive Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0 Manufacturer: (Standard CD-ROM drives) Name: hp DVDRAM GT30L PNP Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0 Service: cdrom . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP450: 3/7/2012 12:27:20 PM - System Checkpoint RP451: 3/8/2012 2:31:14 PM - System Checkpoint RP452: 3/8/2012 4:14:50 PM - Installed Windows Internet Explorer 8. RP453: 3/8/2012 4:16:11 PM - Software Distribution Service 3.0 RP454: 3/9/2012 4:56:04 PM - System Checkpoint RP455: 3/10/2012 7:52:49 PM - System Checkpoint RP456: 3/11/2012 11:12:32 PM - Software Distribution Service 3.0 RP457: 3/12/2012 11:41:49 PM - System Checkpoint RP458: 3/13/2012 9:07:26 AM - Installed Rapport RP459: 3/14/2012 11:05:57 AM - System Checkpoint RP460: 3/14/2012 5:44:52 PM - Software Distribution Service 3.0 RP461: 3/16/2012 1:21:50 PM - System Checkpoint RP462: 3/19/2012 11:52:50 AM - System Checkpoint RP463: 3/19/2012 4:52:13 PM - Installed Windows XP KB2621440. 
RP464: 3/20/2012 5:12:38 PM - System Checkpoint
RP465: 3/21/2012 7:34:30 PM - System Checkpoint
RP466: 3/22/2012 10:55:10 AM - Installed SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3
RP467: 3/23/2012 12:17:19 PM - System Checkpoint
RP468: 3/26/2012 1:01:26 PM - System Checkpoint
RP469: 3/27/2012 1:17:13 PM - System Checkpoint
RP470: 3/28/2012 2:45:31 PM - System Checkpoint
RP471: 3/29/2012 8:07:26 PM - System Checkpoint
RP472: 3/31/2012 2:28:52 PM - System Checkpoint
RP473: 4/1/2012 12:19:31 AM - Installed iTunes
RP474: 4/5/2012 2:10:20 AM - System Checkpoint
RP475: 4/11/2012 8:30:39 PM - System Checkpoint
RP476: 4/12/2012 8:36:08 PM - System Checkpoint
RP477: 4/15/2012 10:05:46 PM - System Checkpoint
RP478: 4/17/2012 1:09:40 PM - System Checkpoint
RP479: 4/17/2012 10:12:25 PM - Software Distribution Service 3.0
RP480: 4/18/2012 11:12:25 PM - System Checkpoint
RP481: 4/20/2012 3:31:40 PM - System Checkpoint
RP482: 4/23/2012 11:17:11 AM - System Checkpoint
RP483: 4/24/2012 3:47:06 PM - Installed Rapport
RP484: 4/25/2012 10:32:03 AM - Post 'Smart-Fortress 2012' malware removal
RP485: 4/25/2012 2:31:40 PM - Restore Operation
RP486: 4/25/2012 3:51:38 PM - Restore Operation
RP487: 4/25/2012 5:22:29 PM - Restore Operation
RP488: 4/25/2012 5:36:38 PM - Restore Operation
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer 7-Zip 9.15 beta AC3Filter 1.63b Acrobat Professional Acrobat.com ActivClient ActivIdentity Device Installer Adobe Acrobat 9.2.0 - CPSID_50026 Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Agere Systems HDA Modem ALTools Update Anti-Twin (Installation 10/5/2010) Apple Application Support Apple Mobile Device Support Apple Software Update Ashampoo Photo Optimizer 3 v.3.13 Audacity 1.3.13 (Unicode) AudioShell 1.3.5 Auslogics Disk Defrag Avaya CMS Supervisor R15 Belarc Advisor 8.2 Bing Bar Bonjour BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Systems VPN Client 4.8.01.0300 Copy CustomerResearchQFolder Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder DVD Shrink 3.2 ECL Viewer eSupportQFolder Everything 1.2.1.371 Exact Audio Copy 1.0beta3 Fast Duplicate File Finder 3.0.0.1 FastStone Image Viewer 4.6 FastStone Photo Resizer 3.1 ffdshow v1.1.3562 [2010-09-07] FFmpeg v0.6.2 for Audacity File Shredder 2.0 FileNet IDM Viewer 3.3 FLAC 1.2.1b (remove only) foobar2000 v1.1.10 Forefront Identity Manager Add-ins and Extensions FreeCommander 2009.02a Get IT Icon GetDiz GPBaseService GroupWise GroupWise Desktop Migrator GUIPDFTK Hawking Technologies HWUG1 Wireless-G USB Adapter Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB944043-v3) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953955) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB955567) 
Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB961853-v2) Hotfix for Windows XP (KB969262) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB971421) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP 3D DriveGuard HP Client Automation Application Manager Agent HP Client Management Interface 1.00 D8 HP Customer Participation Program 10.0 HP Fonts HP Imaging Device Functions 10.0 HP Integrated Module with Bluetooth wireless technology HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.40 D3 HP Smart Web Printing HP Solution Center 10.0 HP Update HP Virtual Rooms 8.0 HP Wireless Assistant HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply ID3-TagIT 3 ImgBurn Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet Explorer Self Help Tool InterVideo DVD Check InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) ISO Workshop 2.0 iTunes Japanese Fonts Support For Adobe Reader 9 JDownloader 0.9 Kat CD Ripper Korean Fonts Support For Adobe Reader 9 LADSPA_plugins-win-0.4.15 Lexmark Printer Software Uninstall LightScribe System Software 1.12.37.1 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise MediaMonkey 4.0 Medieval CUE Splitter Messaging API and Collaboration Data Objects 1.2.1 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft 
Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote 2003 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2010 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI 
(English) 2010 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2003 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC90 CRT + OMP Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Runtime Microsoft WSE 3.0 Runtime Monkey's Audio Mozilla Firefox 11.0 (x86 en-US) Mp3tag v2.49 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser MSXML4.0 redistributable MWSnap 3 NirSoft SysExporter Notepad++ OCR Software by I.R.I.S. 10.0 Office Communicator 2007 R2 PanoStandAlone Password Safe PC COE PC COE Required Settings PC Hard Drive Maintenance PDFCreator PIXresizer 2.0.4 PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PSSWCORE PuTTY version 0.60 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Remote Access to HP Network 6.2 Revo Uninstaller 1.93 Revo Uninstaller Pro 2.5.8 Roxio Activation Module Roxio Creator Audio Roxio Creator Business Roxio Creator Business v10 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Express Labeler 3 SAP Business Explorer SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3 SAP GUI for Windows 7.20 SAP JNet SAP Netweaver Business Client SapInstSelectorv2 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit 
Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player 
(KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP 
(KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security 
Update for Windows XP (KB953838) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP 
(KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies SmartWebPrintingOC Snagit 10 SolutionCenter StartNow Toolbar Status Sun JRE 1.6.0 Synaptics Pointing Device Driver Toolbox Trader's Little Helper 2.6.0 TrayApp UnloadSupport Unlocker 1.9.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update 
for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) vcredist_x86 VideoToolkit01 VirtualDJ Home FREE VLC media player 1.1.11 WebFldrs XP WebReg Winamp Winamp Detector Plug-in Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Enterprise Deployment Windows Search 4.0 WMP Tag Plus 1.2 Xcelsius 2008 Xiph.Org Open Codecs 0.84.17359 XnView 1.98.8 XnView Shell Extension 3.2.0 XP Netlogon Service Restarter xplorer² lite 32 bit . ==== Event Viewer Messages From Past Week ======== . 
4/25/2012 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/25/2012 5:06:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Cdrom Fips Imapi intelppm IPSec mfehidk RapportKELL redbook RsvLock SbPrcCtl Tcpip
4/25/2012 5:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Cdrom Fips FireTDI Imapi intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss redbook RsvLock SbPrcCtl Tcpip
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/24/2012 4:51:45 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
4/24/2012 4:51:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi IPSec redbook Tcpip
4/24/2012 4:50:37 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.
4/24/2012 4:48:42 PM, error: Service Control Manager [7024] - The HPCA MSI Redirector service terminated with service-specific error 0 (0x0).
4/24/2012 4:48:42 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
4/24/2012 4:48:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® Matrix Storage Event Monitor service to connect.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:48:42 PM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 4:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/24/2012 4:44:30 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
4/24/2012 4:07:34 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 4:07:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
4/24/2012 3:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
4/24/2012 1:52:59 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:51:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
4/24/2012 1:51:30 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/24/2012 1:51:00 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:56 PM, error: Service Control Manager [7000] - The Forefront Identity Manager Password Reset Client Service service failed to start due to the following error: Access is denied.
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA Scheduler Daemon service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA MSI Redirector service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:31 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The SafeBoot Client Manager service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The HPCA Notify Daemon service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Auto-Update Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Forefront Identity Manager Password Reset Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/24/2012 1:48:26 PM, error: Service Control Manager [7023] - The SISNICXP service terminated with the following error: The specified module could not be found.
4/23/2012 9:14:49 AM, error: Dhcp [1002] - The IP address lease 10.1.10.33 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message).
4/21/2012 11:25:19 AM, error: Dhcp [1002] - The IP address lease 10.171.124.72 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message).
4/21/2012 10:52:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
4/20/2012 10:23:09 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\g4w0040.americas.hpqcorp.net for the domain AMERICAS is not responsive. The current RPC call from Netlogon on \\SGREER1 to \\g4w0040.americas.hpqcorp.net has been cancelled.
4/19/2012 9:35:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume. 4/19/2012 9:29:25 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/19/2012 9:11:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/18/2012 10:10:31 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 4/18/2012 10:10:31 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/18/2012 10:09:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================
  3. help
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by bill at 10:37:05 on 2012-05-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.24 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uWindow Title = Internet Explorer, optimized for Bing and MSN uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [Dream Aquarium] rundll32.exe "c:\documents and settings\bill\application data\garagegames\dream aquarium\kqvmhsnik.dll",DllRegisterServer uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [pAflJBODLBxfsV.exe] c:\documents and settings\all users\application data\pAflJBODLBxfsV.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey dRun: [Dream Aquarium] rundll32.exe "c:\documents and settings\bill\application data\garagegames\dream aquarium\kqvmhsnik.dll",DllRegisterServer uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: tenderfoot.com DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: 
{1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{E5074258-9E30-449D-AE7B-CA86047EA775} : DhcpNameServer = 192.168.1.1 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . 
R0 03409702;03409702 Boot Guard Driver;c:\windows\system32\drivers\03409702.sys [2011-4-25 37392] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 03409701;03409701;c:\windows\system32\drivers\03409701.sys [2011-4-25 128016] S2 gupdate1c9b3fb9e9e1736;Google Update Service (gupdate1c9b3fb9e9e1736);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 257696] S3 cpudrv;cpudrv; [x] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104] S3 Radialpoint Security Services;Verizon PC Security Checkup Service;c:\program files\verizon\pc security checkup\RpsSecurityAwareR.exe [2010-6-12 170736] S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service; [x] . =============== Created Last 30 ================ . 2012-05-18 16:47:30 -------- d-----w- C:\TDSSKiller_Quarantine 2012-05-18 14:25:27 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a3ca95c-694e-4568-99c6-c65235fb52f7}\offreg.dll 2012-05-18 13:46:38 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9a3ca95c-694e-4568-99c6-c65235fb52f7}\mpengine.dll 2012-05-18 13:46:38 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 13:42:30 -------- d-----w- c:\program files\Microsoft Security Client 2012-05-13 03:15:47 1409 ----a-w- c:\windows\system32\tmpF6ED1.FOT 2012-05-12 16:00:44 -------- d-----w- C:\fda0b42efdcfeb5f7db793275b04 . ==================== Find3M ==================== . 
2012-05-05 01:51:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 01:51:09 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec . ============= FINISH: 10:40:12.95 =============== attach.txt dds.txt
  4. Ok so my friend has been infected with a virus that I cannot remove and, from what I know, keeps duplicating itself. There is also a file that cannot be removed and says it is inaccessible. I am using TeamViewer on his computer to try and help him but I cannot solve it. I also do not want to risk getting anything so I have pasted the notepads that the DDS has come up with. I am really confused at the moment, please help me fix this problem! First Notepad - DDS, as instructed I have only put this one on. If needed I will post the second one. Thank you for helping me!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Ariya at 16:00:14 on 2012-05-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2047.449 [GMT 1:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\TEMP\cqsaht\setup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110938,16939,0,8,0
mStart Page = hxxp://www.bigseekpro.com/hypercam/{DFA73CFD-DF38-4CD5-899E-CA10D0AAA329}
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\hyperionics db toolbar\tbhelper.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
BHO: &Yahoo!
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - c:\program files\surf canyon\surfcanyon.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program 
files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hyperionics db toolbar\tbcore3.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hyperionics db toolbar\tbcore3.dll TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Facebook Update] "c:\users\ariya\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [steam] "c:\program files\steam\Steam.exe" -silent mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' 
anti-malware\mbamgui.exe" /starttray mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{802EF500-5784-4DA0-9324-96140E0408C9} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: linkscanner - 
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: ecojink - c:\windows\system32\config\systemprofile\appdata\local\ecojink.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\ariya\appdata\roaming\mozilla\firefox\profiles\lb07dvv8.default\ FF - prefs.js: browser.startup.homepage - hxxp://uk.foxstart.com/?rls=en:uk:zb FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3d17da72-03e7-4e12-a292-f031bbc784e8%7D&mid=713d8f2f898547d0b036bd2b2ba6d2e1-24bd564ae48e0af08340caeed311517bc1dfc63f&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-06%2014%3A27%3A50&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft
silverlight\4.0.50401.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\ariya\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll . ---- FIREFOX POLICIES ---- . . FF - user.js: extentions.y2layers.installId - 9d506fab-4967-46ed-867b-83020c78f632 FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal, . ============= SERVICES / DRIVERS =============== . R?2 AMService;AMService;c:\windows\temp\cqsaht\setup.exe run --> c:\windows\temp\cqsaht\setup.exe run [?] R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-6 654408] R2 TeamViewer7;TeamViewer 7;c:\program 
files\teamviewer\version7\TeamViewer_Service.exe [2012-5-6 2666880] R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-6 932736] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-8-15 101904] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-6 22344] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-8-18 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-15 136176] S3 Microsoft SharePoint Workspace Audit 
Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 129976] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 2012-05-06 14:35:19 -------- d-----w- c:\users\ariya\appdata\local\{AE2CC03D-4AC1-43CF-9561-E8A6F5DE3E0B} 2012-05-06 14:34:58 -------- d-----w- c:\users\ariya\appdata\local\{F49C6BE8-D3E7-4677-A27C-0279D2E3C45E} 2012-05-06 13:29:13 -------- d-----w- c:\users\ariya\appdata\roaming\AVG2012 2012-05-06 13:28:27 -------- d-----w- c:\users\ariya\appdata\local\AVG Secure Search 2012-05-06 13:27:49 -------- d-----w- c:\programdata\AVG Secure Search 2012-05-06 13:27:43 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-05-06 13:27:42 -------- d-----w- c:\program files\AVG Secure Search 2012-05-06 13:26:49 -------- d--h--w- c:\programdata\Common Files 2012-05-06 13:24:01 -------- d--h--w- C:\$AVG 2012-05-06 13:23:59 -------- d-----w- c:\windows\system32\drivers\AVG 2012-05-06 13:23:59 -------- d-----w- c:\programdata\AVG2012 2012-05-06 13:22:54 -------- d-----w- c:\program files\AVG 2012-05-06 13:19:24 -------- d-----w- c:\programdata\MFAData 2012-05-06 13:13:21 -------- d-----w- c:\program files\CCleaner 2012-05-06 13:09:34 -------- d-----w- c:\users\ariya\appdata\roaming\Malwarebytes 2012-05-06 13:09:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 13:09:24 -------- d-----w- c:\programdata\Malwarebytes 2012-05-06 13:09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-06 10:37:31 -------- d-----w- c:\program files\TeamViewer 
  5. DDS.txt This is my first time posting and hope that I can be helped. My son's laptop has been infected by SMART HDD. All of the files are hidden. I do not know if he deleted any temp files before asking me for help. I tried RKill, TDS rootkiller, and tried to use MBAM virus removal. I ran RKill about 10 times while leaving the "warnings" open as I kept running it. I followed all the directions. Also, should I have my son stop using the laptop to go online until SMART HDD is still on it? He plays WOW and I am assuming this is why he keeps getting adware... Is that safe to say? Thank you for your assistance!
  6. I've been in front of computer screen many many hours in the past few days and I am in a state of confusion now. Wife's computer just showed 47MB quarantined.... From what I can tell it looks like "they" are using my computer to edit jpg files and WHOKNOWZ what else. Some kind of "shim engine" to work on a tablet with Arabic & European form shape setting. GPO being edited remotely and remote request lines to upload NT AUTHORITY user profile into cache...but noted it would take long time.. the netmsg.dll strings has 4 "system not secure" messages then a help paragraph to go to the netlogon.log to get the 2 identities and ip. Also references the file location for netlogon.bak. Well the log was empty and I went to the registry to find the bak file and increase the log size parameters and I could not edit the registry even though I am logged in as Administrator...plus there was no bak entry in the registry or it had been deleted. I am posting from Chromebook and I do not want to hook up computer to internet. I need opinions on how to proceed.
  7. Hello everyone! I'm new to this site but I have a problem with this malware. I'll give the details of what I know that has been happening so far and any help is greatly appreciated. When in Internet Explorer or Google Chrome, I use Google search and click on a link, it brings me to a malicious website on the first try, and when I back out and click on the link again it takes me to the site. Also my MSN Hotmail was recently hacked and was sending out random emails with links in it. I managed to get my email account back but am worried about key logging. I ran Avast anti-malware and I heard great things about Malwarebytes, so I downloaded that, but the problem still persists.
  8. So I turned my computer on and started updating my antivirus and it failed repeatedly. It was going on about an internet connection, which I had access to; I was able to browse the web. So I checked another computer in the house, which has Windows XP, and same issue. Malwarebytes Pro on both computers and they updated fine. Anyway, I went into the modem and rebooted it and the issue is working, but does anyone have an idea WHY it started doing this, or the cause maybe, and why rebooting the modem helped, because it was working fine last night?
  9. Hi everyone, I have been struggling to get rid of a virus that seems to be affecting my internet as well as the speed of my computer. I ran a malware quick scan and got 2 hits. trojan.agent file C:\Windows\svchost.exe trojan.agent memory process c:\Windows\svchost.exe 5876 I tried to ask malware to remove it but it was unsuccessful so I followed the next step and here is what the dds and attach files are.
CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Advanced Audio FX Engine AHV content for Acrobat and Flash AIM 7 Akamai NetSession Interface Akamai NetSession Interface Service AlienRespawn AlienRespawn - Support Software Apple Application Support Apple Software Update Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Command Center CyberLink PowerDVD 9.5 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell InHome Service Agreement DirectX 9 Runtime Download Updater (AOL LLC) Integrated Webcam Live! 
Central Intel® Control Center Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 22 LoJack Factory Installer Malwarebytes Anti-Malware version 1.60.1.1000 McAfee SecurityCenter Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) OSD Setup PDF Settings PhotoShowExpress QuickTime Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 
4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skype Toolbars Skype™ 5.3 Sonic CinePlayer Decoder Pack Spybot - Search & Destroy Steam Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) . ==== Event Viewer Messages From Past Week ======== . 3/2/2012 7:11:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2640148). 
3/2/2012 7:02:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2660075). 3/2/2012 6:58:21 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2660465). 3/2/2012 6:58:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2645640). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2654428). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2633879). 3/2/2012 6:57:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 for x64-based Systems (KB2632503). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2644615). 
3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2631813). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2585542). 3/2/2012 6:51:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355). 3/2/2012 6:48:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect. 3/2/2012 6:48:23 AM, Error: Service Control Manager [7000] - The Alienware Fusion Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/1/2012 10:30:39 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. . ==== End Of File ===========================
Please help!! My computer is only 1 year old and should not be so slow and sad. Thank you so much in advance!!
  10. Help please! This has been going on for weeks. I always make sure to leave my laptop on scanning while I go to sleep, just to feel safe and to see if I have any viruses or if I got infected. I always have to wake up to MBAM PRO still scanning. Sometimes I just let it scan even after I wake up, but it gets to 18+ hours and has only scanned 180 thousand files (that's the farthest I got). This is ridiculous. I need to fully check my computer without it taking 2 days or even a week to fully scan it. I have not yet been able to scan my whole computer. I am running on Win.7, 2009 Toshiba, Intel® Celeron® CPU 900 @ 2.20GHz 2.19GHz, 2.00 GB RAM and a 32-bit. This isn't good, but not the worst specs either. I have an older PC with the same GB and I don't know what else, but it has A LOT more files than my laptop, and the scan on that takes 1 hour 30 mins max. It does have a PRO MBAM licence and so does this laptop, and I can't even finish the scan. My computer keeps getting worse; it's gotten so much slower, it freezes on me, and it takes 15-20 mins just to boot up. It's crazy. I'm pretty sure I am infected and there is nothing I can do about it because I am not able to scan my computer daily. I have MBAM PRO; I don't understand why this is happening. It's supposed to be better and faster, and it is on my other computer, which again, like I said, is older and has more files, but on this one I can't even have a successful and complete full PC scan. I really need help with this. It is now serious: I am infected and can't do anything about it. I need someone to help me as soon as possible because I don't think my PC would be able to take it any longer... If anyone would like to help me through MSN, leave your email in your post or just PM me. Or if anyone wants to just post ways I can get this fixed on the thread, that will be great. I just need any type of help. *I will stay on this forum so I am active.* Thanks in advance, I really appreciate it!
  11. Hello, this is my first post. OK, the Malwarebytes trial won't end (gladly). It normally counted down in the beginning until 0. It stayed at 0 for about 3 days and went back up to 13 days left. It's acting like WinRAR and is stuck on 13 days; it won't go down. Why is this? I am using 1.6. This is good! Ha ha. I downloaded it because someone was using a RAT to access my computer. I just want to hear your thoughts!
  12. Hello, I have recently been infected with the isearch.whitesmoke virus and I really need help removing it. I had IE, Google Chrome, and Firefox, and all three of them had their homepages switched to isearch.whitesmoke. I have tried changing the homepages, but it just reverts back to the whitesmoke browser. I have tried uninstalling and reinstalling Chrome, and so far it does not seem to be switching back to whitesmoke; however, I am pretty sure my system is still infected with whitesmoke because my IE still has it as its browser. I have also run a quick scan with the Malwarebytes Anti-Malware program and nothing appeared. I have also run a quick and full scan with Microsoft Security Essentials and again nothing shows up. So if someone could walk me through how to remove this isearch.whitesmoke virus, I would greatly appreciate it!
  13. Can we catch these hackers? Am I crazy? Any chance of repair? . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Administrator at 17:13:07 on 2012-01-17 AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: AVG Firewall *Disabled* . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.dell.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\16.0.912.75\npchrome_frame.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [spybotSnD] "c:\program files\spybot - search & 
destroy\SpybotSD.exe" /autocheck /autofix /autoclose dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\privoxy\privoxy.exe mPolicies-explorer: NoWelcomeScreen = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL LSP: c:\windows\system32\biolsp.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.08/uploader2.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://aaserver/ConnectComputer/nshelp.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219157540244 DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://aaserver/tsweb/msrdp.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\16.0.912.75\npchrome_frame.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 wvauth . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 
2012-01-17 18:57:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eab44dbb-68a8-4746-bc08-3e95153efbfb}\offreg.dll 2012-01-17 18:57:23 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eab44dbb-68a8-4746-bc08-3e95153efbfb}\mpengine.dll 2012-01-17 18:36:33 -------- d-sha-r- C:\cmdcons 2012-01-17 18:34:14 98816 ----a-w- c:\windows\sed.exe 2012-01-17 18:34:14 518144 ----a-w- c:\windows\SWREG.exe 2012-01-17 18:34:14 256000 ----a-w- c:\windows\PEV.exe 2012-01-17 18:34:14 208896 ----a-w- c:\windows\MBR.exe 2012-01-17 09:10:20 -------- d-----w- C:\bd_logs 2012-01-17 02:07:41 98224 ----a-w- c:\windows\system32\drivers\05562270.sys 2012-01-16 23:13:38 18432 ----a-w- c:\windows\system32\drivers\TClass2k.sys 2012-01-16 23:13:37 14848 ----a-w- c:\windows\system32\drivers\UCTblHid.sys 2012-01-16 05:06:07 -------- d-----w- c:\documents and settings\administrator\SecurityScans 2012-01-16 04:26:58 -------- d--h--w- c:\windows\$hf_mig$ 2012-01-16 02:15:34 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE 2012-01-16 02:08:25 98224 ----a-w- c:\windows\system32\drivers\46067842.sys 2012-01-15 10:36:31 98224 ----a-w- c:\windows\system32\drivers\41550288.sys 2012-01-15 10:27:06 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-15 10:09:34 54016 ----a-w- c:\windows\system32\drivers\uwco.sys 2012-01-15 09:24:33 98224 ----a-w- c:\windows\system32\drivers\44765034.sys 2012-01-15 09:18:33 2864 ----a-w- c:\windows\ctrl2cap.nt4.sys 2012-01-15 09:18:33 2832 ----a-w- c:\windows\ctrl2cap.nt5.sys 2012-01-15 09:18:33 10104 ----a-w- c:\windows\ctrl2cap.amd.sys 2012-01-15 09:18:26 6098944 ----a-w- c:\windows\dd-wrt.v24_mega_atheros_generic.bin 2012-01-15 09:18:26 3760160 ----a-w- c:\windows\dd-wrt.v24_std_wrt600n.bin 2012-01-15 09:18:26 3760128 ----a-w- c:\windows\dd-wrt.v24_std_generic.bin 2012-01-15 09:18:26 3698688 ----a-w- 
c:\windows\dd-wrt.v24_vpn_generic.bin 2012-01-15 09:18:25 3477562 ----a-w- c:\windows\f5d8231-4 v2000 ww v2.01.27.bin 2012-01-15 09:14:26 118132 ----a-w- c:\windows\580009.kmz 2012-01-15 09:14:06 3739423 ----a-w- c:\windows\f5d8232-4 ww v1.00.15.bin 2012-01-15 09:14:06 2675587 ----a-w- c:\windows\f5d8232-4 ww v2.00.04.bin 2012-01-15 09:12:20 2133 ----a-w- c:\windows\WatsonAlertHelp.htm 2012-01-15 09:12:01 5078 ----a-w- c:\windows\imagedata_rotate.pmp 2012-01-15 09:07:05 24 ----a-w- c:\windows\JobRecs.bin 2012-01-15 09:07:05 1848 ----a-w- c:\windows\FaxRecs.bin 2012-01-15 09:06:27 67584 ----a-w- c:\windows\swadcmpr.x32 2012-01-15 09:06:27 40960 ----a-w- c:\windows\Sound Control.x32 2012-01-15 09:05:14 58700 ----a-w- c:\windows\UserCache.bin 2012-01-15 09:00:48 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes 2012-01-15 09:00:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-01-15 09:00:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-15 09:00:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-15 08:47:02 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth 2012-01-15 08:20:32 8192 ----a-w- c:\windows\system32\wshirda.dll 2012-01-15 08:20:32 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2012-01-15 08:20:32 28160 ----a-w- c:\windows\system32\irmon.dll 2012-01-15 08:20:32 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll 2012-01-15 08:20:31 151552 ----a-w- c:\windows\system32\irftp.exe 2012-01-15 08:20:31 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe 2012-01-15 05:34:33 49265 ----a-w- c:\windows\system32\jpicpl32.cpl 2012-01-12 22:19:46 13114 ----a-w- c:\windows\khTemp_45.kmz 2012-01-07 05:24:44 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-01-07 05:24:44 -------- d-----w- c:\windows\system32\wbem\Repository 2012-01-04 14:34:02 5 ----a-w- 
c:\windows\system32\lMMLDeleteUserData42107612FX.tmp 2011-12-23 01:39:38 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2 . ==================== Find3M ==================== . 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec 2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 17:13:40.54 =============== attach.zip
  14. I have a google redirect problem: Mydomainadvisor DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.11 Run by User at 2:18:31 on 2012-01-12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3325.1982 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\Ati2evxx.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\acs.exe svchost.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe svchost.exe C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\AVG Secure 
Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
mURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.22\AVG Secure Search_toolbar.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Facebook Update] "c:\documents and settings\user\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100\WNDA3100.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{41AA0B29-36CE-43F4-8FA1-5E5C07DAB864} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-8 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2011-8-5 219360]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2011-8-5 68136]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-3 652872]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-10-24 61096]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-3 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-5 1684736]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2009-5-5 632576]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-11 23:10:26 -------- d-----w- c:\program files\Ventrilo
2012-01-11 23:10:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-12-25 03:20:03 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-12-25 03:18:14 -------- d-----w- c:\documents and settings\user\application data\Jason Robitaille
2011-12-25 03:17:36 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-12-25 03:17:36 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-12-25 03:17:34 -------- d-----w- c:\program files\Palm, Inc
2011-12-25 03:16:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-25 03:16:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-20 01:42:11 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
.
==================== Find3M ====================
.
2012-01-10 20:14:08 17488 ----a-w- c:\windows\gdrv.sys
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 20:41:55 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-08 20:41:55 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-25 01:18:26 61096 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
.
============= FINISH: 2:19:02.83 ===============
attach.txt